explainer-video-guide

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): In SKILL.md, the command curl -fsSL https://cli.inference.sh | sh downloads and executes a shell script from an untrusted third-party domain. This pattern is a major security vulnerability that allows a remote server to run arbitrary commands on the user's machine.
  • External Downloads (MEDIUM): The skill references multiple external dependencies via npx skills add inference-sh/skills@.... These packages originate from an organization not included in the trusted list, posing a risk of supply chain attacks.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection by interpolating untrusted user data into command arguments.
      • Ingestion points: User-provided text for video prompts and narration scripts within SKILL.md.
      • Boundary markers: No delimiters or 'ignore' instructions are used to separate user input from the rest of the command.
      • Capability inventory: The skill is granted Bash(infsh *) tool access, which allows it to execute a wide range of media processing and system commands.
      • Sanitization: There is no evidence of input validation, escaping, or filtering before user data is passed to the shell.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 07:20 AM
Security Audit — agent-trust-hub — explainer-video-guide