Skills
skills/tool-belt/skills/ai-video-generation/Gen Agent Trust Hub

ai-video-generation

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references external installation instructions and documentation hosted on the vendor's GitHub repository (inference-sh/skills).- [COMMAND_EXECUTION]: The skill relies on the infsh CLI tool to perform its operations. It uses the Bash(infsh *) tool configuration, which correctly restricts the agent's shell access to the specific vendor tool.- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by passing user-supplied strings and URLs directly into CLI command arguments.
  • Ingestion points: Prompt and media URL fields within the JSON input for the infsh app run command.
  • Boundary markers: Absent. While the input is structured as JSON, there are no instructions to ignore embedded commands within the prompt text.
  • Capability inventory: Shell command execution via the Bash tool, scoped to infsh.
  • Sanitization: No sanitization or validation of user-provided strings is mentioned in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 08:03 AM