ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install its required tooling by piping a remote script directly into the shell using the command 'curl -fsSL https://cli.inference.sh | sh'. This allows for arbitrary code execution from a network source that is not listed as a trusted vendor.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'infsh' CLI tool to run various AI models and merge media. These commands are executed via the Bash tool, providing a wide surface for potential command abuse if the tool itself is compromised or misused.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: User-provided text for speech generation is passed directly into the '--input' JSON payload of shell commands (e.g., 'infsh app run infsh/kokoro-tts --input ...').
  - Boundary markers: The skill uses JSON formatting within the command string to separate the 'text' field from other parameters, though this does not prevent injection within the text value itself.
  - Capability inventory: The agent has the capability to execute shell commands ('infsh') and redirect output to local files ('speaker1.json').
  - Sanitization: There is no evidence of input validation, escaping, or sanitization of the text strings before they are interpolated into the shell command.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata