skills/inf-sh/skills/speech-to-text/Gen Agent Trust Hub

speech-to-text

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill's 'Quick Start' section recommends executing curl -fsSL https://cli.inference.sh | sh. This is a highly insecure practice that executes remote code without prior verification or integrity checks.
  • REMOTE_CODE_EXECUTION (HIGH): Piped shell execution from an untrusted external domain allows the remote server to execute arbitrary commands on the user's local machine.
  • COMMAND_EXECUTION (MEDIUM): The skill defines allowed-tools: Bash(infsh *), granting the agent the ability to execute any subcommand of the infsh CLI, which was installed via an untrusted method.
  • CREDENTIALS_UNSAFE (LOW): The setup process includes infsh login, which implies the storage and handling of authentication tokens for the inference.sh platform. While not hardcoded, the installation method makes these credentials vulnerable to the installed tool.
  • PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection) surface detected. The skill processes audio from untrusted external audio_url inputs.
      • Ingestion points: Audio data is fetched from external URLs provided in the input JSON (e.g., meeting.mp3, video.mp4).
      • Boundary markers: None identified in the provided SKILL.md to distinguish between transcription content and instructions.
      • Capability inventory: The skill has Bash execution capabilities via the infsh tool.
      • Sanitization: No evidence of sanitization or filtering for the transcribed text before it is returned to the agent context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 02:00 AM