Skills
skills/toolshell/skills/p-video/Gen Agent Trust Hub

p-video

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool to interact with the inference.sh API. This is the primary function and is correctly scoped in the skill's allowed tools metadata.\n- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions for adding external skills from the inference-sh repository via the npx skills add command. These are standard dependencies for the provided functionality.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by design, as it takes user text to generate videos.\n
  • Ingestion points: User prompt strings are ingested into the --input field of the infsh command as shown in SKILL.md examples.\n
  • Boundary markers: There are no explicit markers used to separate user-provided content from the command-line arguments.\n
  • Capability inventory: The skill is granted permission to execute infsh commands within a Bash environment.\n
  • Sanitization: The skill does not perform any validation or sanitization of the user input before it is passed to the video generation tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 01:19 PM
Security Audit — agent-trust-hub — p-video