ai-avatar-video

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Provides references to installation scripts and documentation hosted on the vendor's GitHub repository.
  • [COMMAND_EXECUTION]: Instructs users to use the infsh command-line tool for logging into the service and executing video generation models.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection as it processes user-supplied media URLs for image and audio input.
      • Ingestion points: Media URLs (image_url, audio_url, video_url) provided in tool inputs in SKILL.md.
      • Boundary markers: None present to delineate untrusted URL content.
      • Capability inventory: Shell execution capabilities via the infsh tool.
      • Sanitization: No sanitization of user-provided URLs is performed before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 05:16 PM