explainer-video-guide

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-controlled text into command-line arguments for various AI generation models.
    • Ingestion points: The 'prompt' fields within the JSON input structures for the 'infsh app run' commands in SKILL.md.
    • Boundary markers: The examples lack explicit delimiters (like XML tags or triple quotes) or 'ignore' instructions to separate user content from the model's instructions.
    • Capability inventory: The skill uses the 'infsh' CLI to invoke remote AI models for video, image, and speech generation, as well as media processing tools for merging and captioning.
    • Sanitization: There is no evidence of input validation, escaping, or character filtering for the user-provided prompts in the provided pipeline.
  • [EXTERNAL_DOWNLOADS]: The skill references and installs additional functional modules from the 'inference-sh' ecosystem using 'npx skills add'. These are recognized as platform-specific extensions.
  • [COMMAND_EXECUTION]: The skill utilizes the 'infsh' command-line tool to interface with external AI services for media generation and file manipulation. This is the intended behavior for the described production workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 01:18 PM