Skills
skills/skillssh/skills/youtube-thumbnail-design/Gen Agent Trust Hub

youtube-thumbnail-design

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides a link to installation instructions for the infsh CLI hosted on the vendor's official GitHub repository (inference-sh/skills).
  • [COMMAND_EXECUTION]: Utilizes the infsh CLI tool to run image generation models and handle authentication. It also uses npx to add related functional skills from the vendor's repository.
  • [PROMPT_INJECTION]: The skill defines a surface where text is passed as a prompt to an external image generation service.
  • Ingestion points: The prompt field within the JSON input for the infsh command in SKILL.md.
  • Boundary markers: The prompt is encapsulated within a JSON object passed as a command-line argument.
  • Capability inventory: Execution of the infsh CLI via the Bash tool.
  • Sanitization: The skill does not explicitly define sanitization logic for the input prompts, relying on the underlying platform or user for input validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 12:52 AM
Security Audit — agent-trust-hub — youtube-thumbnail-design