ai-podcast-creation

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (CRITICAL): In SKILL.md, the skill directs the user or agent to execute curl -fsSL https://cli.inference.sh | sh. This is a classic piped remote execution pattern in which a script is downloaded and immediately run. Since inference.sh is not a Trusted External Source, this constitutes a critical security risk: the script could perform any action the user has permissions for.
  • Command Execution (HIGH): The skill uses the Bash tool to execute the infsh CLI and other processes. Running arbitrary binaries downloaded at runtime is a high-risk activity that provides a path for malicious command execution.
  • Indirect Prompt Injection (LOW):
      ◦ Ingestion points: Untrusted text and document content are ingested via the --input parameters of the infsh and openrouter tools in SKILL.md.
      ◦ Boundary markers: While the data is structured as JSON, no delimiters or instructions are provided to the agent or tools to ignore potentially malicious embedded instructions in the text content.
      ◦ Capability inventory: The skill has access to shell execution (Bash) and network-connected APIs, making it a viable target for exploitation.
      ◦ Sanitization: No evidence of input sanitization or verification is present in the provided script or documentation.
  • External Downloads (MEDIUM): The skill suggests installing additional dependencies via npx skills add inference-sh/skills@..., which introduces unverifiable third-party content into the agent's environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 07:59 PM