text-to-speech
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation and quick start guide instruct the agent to run `curl -fsSL https://cli.inference.sh | sh`. This is a critical security risk, as it downloads and executes an arbitrary script from a non-whitelisted domain directly in the shell environment without prior inspection or verification.
- COMMAND_EXECUTION (MEDIUM): The skill requires the `Bash` tool with permissions to execute `infsh *`. This allows the agent to run any sub-command or flag provided by the external CLI, which could include file system access or network operations depending on the CLI's capabilities.
- EXTERNAL_DOWNLOADS (MEDIUM): The installation script downloads binaries from `dist.inference.sh`. Since this domain is not in the trusted source list, the integrity of these downloads cannot be verified by the system, posing a supply-chain risk.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted user input is interpolated directly into the `text` field of JSON payloads for `infsh app run` commands.
  - Boundary markers: Absent. The skill does not use delimiters (like XML tags or triple backticks) to separate user data from command instructions.
  - Capability inventory: The skill has `Bash` access to the `infsh` utility, which communicates with remote APIs.
  - Sanitization: Absent. There is no evidence of input validation or escaping before passing data to the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata