skills/1nfsh-s3/skills/dialogue-audio/Gen Agent Trust Hub

dialogue-audio

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill explicitly commands the execution of a remote script from https://cli.inference.sh by piping it directly to the shell (| sh). This pattern bypasses verification and allows an external source to execute arbitrary code on the user's system.
  • External Downloads (MEDIUM): The skill references and installs additional capabilities via npx skills add inference-sh/skills, which points to an untrusted third-party organization not included in the safe list.
  • Command Execution (MEDIUM): The skill utilizes Bash(infsh *), granting the agent broad authority to execute any subcommand of the potentially malicious infsh CLI tool downloaded in the previous step.
  • Indirect Prompt Injection (LOW): The skill provides an interface for processing external text through the infsh tool without sanitization.
      • Ingestion points: User input is interpolated into the prompt field of the infsh app run command within SKILL.md.
      • Boundary markers: None present to isolate user-provided text from command instructions.
      • Capability inventory: Uses bash to interact with external inference APIs and manage local file output.
      • Sanitization: No input validation or escaping mechanisms are implemented for the processed text.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 08:09 PM