Skills
skills/tul-sh/skills/storyboard-creation/Gen Agent Trust Hub

storyboard-creation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh command-line tool via the Bash tool to perform image generation and manipulation tasks.
  • Evidence: Examples show the use of infsh login, infsh app run falai/flux-dev-lora, and infsh app run infsh/stitch-images to interface with the inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing external dependencies and related skill sets from the inference-sh ecosystem.
  • Evidence: References to npx skills add inference-sh/skills@agent-tools and other related skills are provided as installation instructions.
  • [PROMPT_INJECTION]: The skill is designed to process user-supplied scene descriptions and convert them into image prompts, which creates an attack surface for indirect prompt injection.
  • Ingestion points: User-provided scene, shot, and action descriptions in the storyboard workflow (SKILL.md).
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the generation templates.
  • Capability inventory: The Bash(infsh *) tool allows for remote model execution, image generation, and network-based image stitching.
  • Sanitization: No explicit sanitization of user-provided strings before interpolation into shell commands or model prompts was identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:26 AM