ai-social-media-content

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI to execute tasks such as image and video generation. Examples include batch processing and piping results to local files, which are standard for the CLI's functionality.
  • [EXTERNAL_DOWNLOADS]: The documentation references an installation script for the infsh CLI on a GitHub repository (inference-sh/skills). This is a vendor-controlled resource necessary for the skill's operation.
  • [PROMPT_INJECTION]: The skill contains a pattern for indirect prompt injection where user-provided input is used to construct prompts for remote AI models.
      • Ingestion points: The variables $CONCEPT and TOPICS in the bash examples take user input from the environment or command line.
      • Boundary markers: No specific delimiters or safety instructions are included to prevent user input from overriding the intended prompt logic.
      • Capability inventory: The skill uses Bash to invoke the infsh CLI, which interacts with remote APIs and can write data to the local file system.
      • Sanitization: There is no evidence of input validation or escaping for the user-provided content before it is embedded in the JSON payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:10 AM