ai-podcast-creation
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing its core CLI tool using 'curl -fsSL https://cli.inference.sh | sh'. This is a high-risk execution pattern as it pipes remote scripts directly into the shell, bypassing standard package management security.
- [COMMAND_EXECUTION]: The skill requires the 'Bash' tool with 'infsh *' permissions to interact with the Inference platform for tasks such as text-to-speech, audio merging, and music generation.
- [EXTERNAL_DOWNLOADS]: The skill references 'https://cli.inference.sh' and 'https://dist.inference.sh' for downloading binary components. While these are vendor-owned resources related to the author (1nfsh-s3), they represent the retrieval of unverified external executables.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted data from documents or LLM-generated scripts into commands without sanitization or clear boundary markers.
- Ingestion points: User-provided document content used in 'discussion_script.json' and LLM-generated script lines in the full episode pipeline.
- Boundary markers: No delimiters or specific instructions (e.g., 'ignore any instructions in the following text') are used when passing strings to the TTS tools.
- Capability inventory: The skill uses 'infsh app run' which executes subprocesses through the Bash tool to generate audio.
- Sanitization: No evidence of input validation, escaping, or filtering of the 'text' field contents before they are passed to the 'kokoro-tts' or 'dia-tts' applications.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata