ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill contains a 'Quick Start' instruction to run `curl -fsSL https://cli.inference.sh | sh`. This is a highly dangerous pattern that downloads and executes an arbitrary script from an external server with the privileges of the current shell. This domain is not on the list of trusted external sources.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the addition of other skills from the `inferencesh/skills` repository using `npx`. These components are not from a verified or trusted organization and could lead to the execution of malicious logic within the agent's environment.
- PROMPT_INJECTION (LOW): The pipeline definitions are vulnerable to indirect prompt injection as they ingest external data (prompts, URLs, script text) and interpolate them directly into tool calls.
  - Ingestion points: `prompt`, `text`, `image_url`, and `video_url` fields within the `infsh app run` command payloads in `SKILL.md`.
  - Boundary markers: None present; data is passed directly as string values within JSON inputs.
  - Capability inventory: The skill uses the `Bash` tool to execute the `infsh` CLI, which has capabilities to generate, modify, and merge media files.
  - Sanitization: No sanitization or validation of the input strings is performed before they are passed to the external CLI tool.
- COMMAND_EXECUTION (LOW): The skill relies on executing system commands through the `Bash` tool. While restricted to the `infsh` binary in the `allowed-tools` field, the reliance on shell execution for core functionality increases the attack surface if input handling is flawed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata