Skills
skills/tool-belt/skills/ai-avatar-video/Gen Agent Trust Hub

ai-avatar-video

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides a link to CLI installation instructions hosted on the inference-sh GitHub repository at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md.
  • [COMMAND_EXECUTION]: Uses the infsh command-line tool via the Bash tool to authenticate users, list available AI models, and execute video generation tasks.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill takes untrusted external URLs for image and audio processing as input to CLI commands.
  • Ingestion points: The --input JSON payload for infsh app run commands accepts user-provided image_url and audio_url fields (found in SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the command templates.
  • Capability inventory: The infsh tool executes remote inference jobs and can download content from provided URLs.
  • Sanitization: The skill does not include steps for validating or sanitizing the content of the provided URLs before passing them to the tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 08:03 AM