content-repurposing
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute an installation script from 'https://cli.inference.sh' by piping it directly to the shell ('| sh'). While this originates from the vendor's domain, it is a high-risk pattern that allows for the execution of arbitrary remote code on the host system.
- [EXTERNAL_DOWNLOADS]: The skill fetches binaries and checksum verification files from 'dist.inference.sh' during the setup of the inference.sh CLI tool.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via a restricted 'infsh' tool wrapper to perform tasks like image generation and audio synthesis.
- [DATA_EXFILTRATION]: User content, such as blog posts and podcast transcripts, is transmitted to external AI providers (e.g., Fal.ai, Google, and X) through the 'infsh' command-line interface as part of the repurposing workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it interpolates external data into prompts for secondary AI models.
- Ingestion points: The skill processes external 'long-form source' content such as blogs and podcasts (SKILL.md).
- Boundary markers: No clear delimiters or 'ignore' instructions are used when embedding content into JSON payloads for the CLI tools.
- Capability inventory: The skill utilizes subprocess execution, network access to cloud AI services, and social media posting capabilities.
- Sanitization: No evidence of input validation or sanitization of the source content is provided before it is used in prompt construction.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata