AGENT LAB: SKILLS

ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill explicitly includes the command curl -fsSL https://cli.inference.sh | sh. This 'pipe to shell' pattern from an untrusted source allows a remote server to execute arbitrary code on the host system without prior review.
  • EXTERNAL_DOWNLOADS (HIGH): The skill recommends adding multiple third-party skills using npx skills add inference-sh/skills@.... These sources are not within the defined trusted repositories or organizations, increasing the risk of supply chain attacks.
  • COMMAND_EXECUTION (MEDIUM): The frontmatter requests Bash(infsh *) permissions, granting the agent broad authority to execute any sub-command provided by the infsh tool.
  • INDIRECT_PROMPT_INJECTION (LOW): The content pipeline design moves data between various AI models without sanitization, creating an attack surface for instructions embedded in one model's output to influence subsequent steps.
    • Ingestion points: JSON output files like script.json and voice.json mentioned in SKILL.md.
    • Boundary markers: None are used to separate model-generated content from tool instructions.
    • Capability inventory: Extensive use of the infsh CLI via Bash.
    • Sanitization: No input validation or escaping logic is described in the workflow examples.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 03:41 AM