explainer-video-guide
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command
curl -fsSL https://cli.inference.sh | sh. This 'curl pipe sh' pattern executes a remote script directly in the local shell environment without prior verification. This is a significant security risk as the script's contents could be maliciously altered by an attacker who compromises the domain or the delivery channel.- [EXTERNAL_DOWNLOADS]: The skill usesnpx skills addto fetch additional modules from theinference-shrepository at runtime, which involves downloading and executing code from external sources.- [COMMAND_EXECUTION]: The skill relies on theinfshcommand-line utility to interact with AI models and perform media assembly. It requires permissions to execute these shell commands and manage local file output.- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection. - Ingestion points: User-provided text strings for video scripts and visual descriptions are ingested as inputs to the
infshcommand arguments. - Boundary markers: No delimiters or safety instructions are present to prevent the agent from inadvertently following instructions embedded within these user-supplied strings.
- Capability inventory: The skill has access to shell execution via the
Bashtool, network communication with external AI providers, and file system write access. - Sanitization: There is no evidence of input validation or escaping for the data interpolated into command-line arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata