ai-voice-cloning

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to execute a remote shell script via curl -fsSL https://cli.inference.sh | sh. This is a classic 'curl pipe to sh' attack vector that executes unverified code from an untrusted domain.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill references several external packages via npx skills add inference-sh/skills@.... These dependencies are hosted on an untrusted third-party repository and are executed at runtime.
  • COMMAND_EXECUTION (LOW): The skill defines Bash(infsh *) as an allowed tool, granting the agent the ability to execute any command within the infsh CLI namespace, which is installed via the untrusted script above.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-supplied text through the input field of several models. This represents an attack surface where malicious input could influence the agent's behavior if not properly sanitized.
    • Ingestion points: The text parameter in the infsh app run commands (SKILL.md).
    • Boundary markers: None present in the provided examples.
    • Capability inventory: The skill allows arbitrary Bash execution for the infsh tool.
    • Sanitization: No evidence of sanitization or validation of the input text before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 08:02 PM