talking-head-production

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's setup instructions direct the user to run 'curl -fsSL https://cli.inference.sh | sh', a pattern that executes arbitrary code from a remote server without verification. This is a high-risk operation that can lead to full system compromise if the remote source is malicious or compromised.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries from 'dist.inference.sh' and adds external skills using 'npx' from the 'inference-sh/skills' repository. These sources are not included in the trusted vendor list, posing a risk of untrusted dependency injection.
  • [COMMAND_EXECUTION]: The skill requires permission to use 'Bash' for executing 'infsh' CLI commands. This provides the agent with broad capabilities to interact with the host system and remote APIs, which increases the potential impact of other vulnerabilities.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection where user-provided content for video scripts and image generation is used as input for shell commands.
    • Ingestion points: User input is interpolated into the '--input' JSON string for 'infsh app run' commands in SKILL.md.
    • Boundary markers: There are no delimiters or 'ignore' instructions to prevent the model from interpreting malicious commands embedded in user data.
    • Capability inventory: The skill can execute shell commands and call remote AI services via the 'infsh' tool.
    • Sanitization: No input validation or escaping mechanisms are present in the provided examples.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 12:30 PM