content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill explicitly includes the command
curl -fsSL https://cli.inference.sh | sh. This is a high-risk pattern that executes a remote script directly in the shell. Sinceinference.shis not a trusted source, this allows the remote server to execute arbitrary malicious code on the user's machine. - EXTERNAL_DOWNLOADS (HIGH): The skill relies on downloading an unverified binary and various remote 'apps' from a third-party platform (
inference.sh). This introduces a significant supply chain risk where the CLI or the remote apps could be compromised. - COMMAND_EXECUTION (MEDIUM): The skill requests
Bash(infsh *)permissions, enabling the agent to execute any command within theinfshecosystem. This includes logging into services and performing network-based actions like posting to social media. - PROMPT_INJECTION (LOW): The skill is designed to process untrusted external data (e.g., blog posts, podcast transcripts) for repurposing. This creates an indirect prompt injection surface where malicious instructions in the source text could attempt to manipulate the agent's behavior during the conversion process.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata