content-repurposing

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to install a CLI tool using curl -fsSL https://cli.inference.sh | sh. Piping a remote script directly to a shell is a major security risk that can allow arbitrary code execution from a third-party source.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically download and run packages from the npm registry (e.g., npx skills add). This introduces untrusted external code at runtime.
  • [COMMAND_EXECUTION]: The skill is configured with allowed-tools: Bash(infsh *), giving the agent broad authority to execute any subcommand of the infsh tool, which could be exploited to perform unauthorized actions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during content repurposing.
      • Ingestion points: Processes user-supplied long-form text like blog posts and transcripts.
      • Boundary markers: Lacks delimiters to isolate external content from instruction strings in tool prompts.
      • Capability inventory: Has the ability to post to social media (X/Twitter) and generate media assets using the infsh tool.
      • Sanitization: No validation or filtering is applied to external content before it is processed by AI models.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 06:58 AM