ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the inference tool using the command curl -fsSL https://cli.inference.sh | sh. This 'pipe to shell' pattern is a critical risk as it executes a remote script with host privileges without verifying the script's contents.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute infsh commands. This capability allows the agent to run the downloaded binaries and interact with external services, which could be exploited if the initial installation is compromised.
- [EXTERNAL_DOWNLOADS]: The skill references external binaries and checksums from dist.inference.sh. While the skill provides claims about its safety, the installation method bypasses standard package management security.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it constructs media pipelines where output from one AI model is directly passed as input to another tool.
  * Ingestion points: Data from files like script.json and summary.json (generated by models) are used as inputs for the infsh CLI.
  * Boundary markers: There are no delimiters or instructions to ignore embedded commands within the piped data.
  * Capability inventory: The agent has permission to execute any infsh command via the Bash tool.
  * Sanitization: No sanitization or validation of the content produced by external models is performed before it is processed by subsequent pipeline stages.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata