skills/tul-sh/skills/google-veo/Gen Agent Trust Hub

google-veo

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent/user to install the 'infsh' CLI by piping a remote script directly into the shell: 'curl -fsSL https://cli.inference.sh | sh'. This execution of unverified code from an untrusted domain represents a critical security risk.
  • [EXTERNAL_DOWNLOADS]: In addition to the installation script, the skill downloads binaries and configurations from 'dist.inference.sh'. This domain is not recognized as a trusted organization or well-known service in the security framework.
  • [COMMAND_EXECUTION]: The skill requires 'Bash(infsh *)' tool permissions, granting the agent the capability to execute arbitrary commands through the infsh CLI, which could be leveraged for malicious purposes if the agent's instructions are compromised.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing untrusted data into video generation prompts.
      • Ingestion points: User-controlled JSON input in 'SKILL.md' examples (e.g., 'infsh app run ... --input').
      • Boundary markers: No delimiters or protective instructions are used to separate user input from the command context.
      • Capability inventory: 'Bash(infsh *)' tool access as specified in the 'allowed-tools' section of 'SKILL.md'.
      • Sanitization: No input validation or sanitization mechanisms are present to prevent embedded instructions in the prompt fields.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 4, 2026, 12:29 PM