explainer-video-guide
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Remote Code Execution (CRITICAL): In `SKILL.md`, the command `curl -fsSL https://cli.inference.sh | sh` downloads and executes a shell script from an untrusted third-party domain. This pattern is a major security vulnerability that allows a remote server to run arbitrary commands on the user's machine.
- External Downloads (MEDIUM): The skill references multiple external dependencies via `npx skills add inference-sh/skills@...`. These packages originate from an organization not included in the trusted list, posing a risk of supply chain attacks.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection by interpolating untrusted user data into command arguments.
  - Ingestion points: User-provided text for video prompts and narration scripts within `SKILL.md`.
  - Boundary markers: No delimiters or 'ignore' instructions are used to separate user input from the rest of the command.
  - Capability inventory: The skill is granted `Bash(infsh *)` tool access, which allows it to execute a wide range of media processing and system commands.
  - Sanitization: There is no evidence of input validation, escaping, or filtering before user data is passed to the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata