ai-music-generation
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions include a command to install the CLI using
curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script directly in the shell without prior verification, which is a high-risk operation even when sourced from the vendor's domain. - [EXTERNAL_DOWNLOADS]: The installation script downloads binary files from
dist.inference.sh. This introduces external, unverified executable code into the agent's environment. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to runinfshcommands. This allows the agent to execute subprocesses and interact with system resources to perform its functions. - [DATA_EXFILTRATION]: User-provided prompts and lyrics are sent to the
inference.shAPI for processing. Any sensitive data included in these inputs will be transmitted to the vendor's servers. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it interpolates user-controlled music descriptions into CLI commands.
- Ingestion points: The
--inputJSON payload containingpromptandlyricsfields in theinfshcommand inSKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat user input as non-executable data.
- Capability inventory: The skill allows shell command execution and remote API interaction via the
infshtool. - Sanitization: The skill lacks visible sanitization or validation mechanisms for the user-provided strings before they are passed to the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata