image-to-video

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI to perform AI video generation. Commands like infsh login and infsh app run are utilized to authenticate and invoke remote AI models, which aligns with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the inference-sh/skills@agent-tools package via npx to obtain the necessary command-line tools. This is a standard procedure for this vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes untrusted user inputs.
    • Ingestion points: Text prompts and image file paths provided by the user are incorporated into tool inputs within the SKILL.md templates.
    • Boundary markers: The tool calls use JSON-formatted strings (--input '{...}') to provide structure, which offers some level of separation between instructions and data.
    • Capability inventory: The skill uses the Bash(infsh *) tool to execute inference commands, which involves network communication and file access.
    • Sanitization: No explicit sanitization of user-provided strings or specific instructions to ignore embedded commands are included in the prompt templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 12:06 PM