dialogue-audio
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a confirmed remote code execution pattern:
curl -fsSL https://cli.inference.sh | sh. This method downloads a script from an unverified domain and executes it with the user's shell permissions without any integrity checks or inspection. - [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on software from
https://cli.inference.sh, which is not on the list of trusted GitHub organizations or repositories. This poses a significant supply chain risk. - [COMMAND_EXECUTION] (MEDIUM): The skill requires the
Bash(infsh *)tool permission. This grants the agent broad authority to execute arbitrary sub-commands under theinfshnamespace, which, combined with the untrusted installation method, increases the attack surface. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The
promptfield in the JSON input forinfsh app runcommands (SKILL.md). - Boundary markers: Absent. External dialogue content is interpolated directly into the command structure without delimiters.
- Capability inventory: The
infshCLI allows network operations and media processing. - Sanitization: Absent. There is no evidence of input validation or escaping for the user-provided dialogue text.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata