content-repurposing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly instructs the agent to execute curl -fsSL https://cli.inference.sh | sh. This pattern is a major security vulnerability that allows an untrusted remote server to execute arbitrary commands on the user's system with no integrity verification.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses npx skills add to install extensions from inference-sh/skills. This source is not part of the pre-approved trusted repositories list, posing a significant risk of supply chain compromise via unverified third-party code.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requests allowed-tools: Bash(infsh *). This grants the agent broad permission to execute any subcommand of infsh. Since the infsh CLI itself is installed via an untrusted remote script, this configuration facilitates the execution of potentially malicious code.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted external data (e.g., blog posts, podcasts) and interpolates it into prompts for other AI applications (like FLUX image generation or TTS). It lacks boundary markers or instructions to ignore embedded commands, making it susceptible to Indirect Prompt Injection (Category 8).
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:57 AM