content-repurposing
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation encourages installing a CLI tool via
curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script directly in the local shell, which is an unauthenticated and high-risk execution vector. - [EXTERNAL_DOWNLOADS]: The skill uses
npx skills addto fetch and integrate additional functionality frominference-sh/skillsat runtime. This introduces a dependency on external code hosted outside the primary skill package. - [COMMAND_EXECUTION]: The skill utilizes the
infshtool with broad permissions (Bash(infsh *)) to execute various AI-driven tasks. This tool performs network operations and interacts with external APIs to generate content and post to social media. - [PROMPT_INJECTION]: The skill is designed to ingest and reformat untrusted long-form content (such as blog posts or transcripts). This creates a vulnerability to indirect prompt injection if the source data contains malicious instructions intended to hijack the agent's behavior during the repurposing process.
- Ingestion points: External text and audio data processed by the
infshtool via the provided command templates. - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the agent from obeying commands embedded within the source content.
- Capability inventory: The skill can execute shell commands (
infsh) and perform social media actions (x/post-create). - Sanitization: No validation or escaping of the input content is implemented in the skill's markdown logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata