ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command curl -fsSL https://cli.inference.sh | sh. This command fetches and executes a setup script from the vendor's official domain to install the infsh CLI utility.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to interact with the infsh command-line utility. Execution is restricted to the infsh tool via the allowed-tools configuration in SKILL.md.
  • [PROMPT_INJECTION]: The skill defines multi-step AI content pipelines where the output of one model (e.g., a script generated by Claude) serves as input for subsequent models (e.g., voiceover or avatar generation), creating a surface for indirect prompt injection.
    ◦ Ingestion points: Input parameters in infsh app run commands across various automated workflows in SKILL.md.
    ◦ Boundary markers: Not present; values are interpolated into prompts using placeholders without explicit delimiters or instruction-override protections.
    ◦ Capability inventory: Bash tool restricted to infsh commands as defined in SKILL.md.
    ◦ Sanitization: No evidence of input validation or output sanitization before passing data between pipeline steps.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 01:02 AM