Skills
skills/tul-sh/skills/video-ad-specs/Gen Agent Trust Hub

video-ad-specs

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool with infsh * permissions to interact with the Inference.sh command-line interface for tasks such as logging in and running video processing apps.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install several external dependencies and skills from the author's ecosystem (inference-sh/skills) using the npx skills add command.
  • [REMOTE_CODE_EXECUTION]: The skill demonstrates the use of the infsh app run command, which triggers the execution of various video generation, text-to-speech, and editing models on remote servers hosted at inference.sh.
  • [PROMPT_INJECTION]: The skill accepts natural language prompts which are interpolated into JSON payloads for command-line tools, creating a surface for indirect prompt injection.
  • Ingestion points: Prompt fields within the Bash code blocks in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: The skill utilizes the Bash(infsh *) tool to execute remote processing and generation tasks (SKILL.md).
  • Sanitization: No sanitization or escaping of input strings is demonstrated in the skill file.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:26 AM