dialogue-audio
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses the pattern `curl -fsSL https://cli.inference.sh | sh` in the Quick Start section. This is a critical security risk because it executes a remote script from an untrusted domain without any verification or integrity checks.
- Command Execution (HIGH): The skill relies on the `infsh` binary installed via the unverified shell script for all its primary functions (`infsh login`, `infsh app run`). This grants the unverified binary persistent execution capabilities on the host system.
- External Downloads (MEDIUM): The skill utilizes `npx skills add` to download additional logic from `inference-sh/skills`. As this repository and organization are not part of the established trusted sources list, this represents an unverifiable dependency risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata