ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill setup requires executing
curl -fsSL https://cli.inference.sh | sh. This is a critical security risk that allows an unverified remote server to execute arbitrary code on the local system. Sinceinference.shis not a trusted source, this is a confirmed malicious pattern. - COMMAND_EXECUTION (HIGH): The frontmatter allows broad access to the shell via
Bash(infsh *). This grants the AI agent permission to execute any subcommand of the unverifiedinfshbinary, which could be leveraged for malicious purposes. - EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation encourages installing further components using
npx skills add, which involves downloading and executing packages from unverified third-party repositories. - PROMPT_INJECTION (LOW): Surface for indirect prompt injection (Category 8) detected. 1. Ingestion:
SKILL.md(text input in Bash calls). 2. Boundary markers: Absent. 3. Capability:Bashtool withinfshCLI. 4. Sanitization: Absent. Untrusted text processed through the tool could lead to poisoned outputs if re-ingested by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata