content-repurposing
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs users to execute
curl -fsSL https://cli.inference.sh | sh. This pattern is extremely dangerous as it executes unverified code from an untrusted remote source with the privileges of the local shell. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npx skills add inference-sh/skills@...to fetch and install external components from a non-trusted repository, which can lead to supply chain attacks. - [COMMAND_EXECUTION]: The skill defines
allowed-tools: Bash(infsh *), granting the agent unrestricted access to theinfshCLI tool and its various remote application capabilities. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when processing external content like podcast transcripts and blog posts.
- Ingestion points: STT app output and blog content (SKILL.md).
- Boundary markers: No delimiters or safety instructions are used to isolate ingested data.
- Capability inventory: Capabilities include social media posting (
x/post-create) and video generation (veo-3-1-fast). - Sanitization: No validation or sanitization is performed on the data processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata