ai-music-generation
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Remote Code Execution] (CRITICAL): The file 'SKILL.md' contains a direct command to download and execute a script: 'curl -fsSL https://cli.inference.sh | sh'. This is a high-risk pattern that allows the remote server to execute arbitrary shell commands on the user's machine without any prior verification or integrity checks.
- [External Downloads] (HIGH): The domain 'cli.inference.sh' is not included in the list of trusted external sources. Executing code from unverified third-party domains is a critical security vulnerability.
- [Command Execution] (MEDIUM): The skill configuration allows the 'Bash' tool for any 'infsh' command. This grants the agent broad power to execute system commands, which, combined with the untrusted installation method, creates a significant attack surface.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata