Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/speech-to-text/Gen Agent Trust Hub

speech-to-text

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructions include curl -fsSL https://cli.inference.sh | sh. This is a piped remote execution pattern that allows a script from an untrusted external domain to execute arbitrary code on the host system.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on downloading the infsh CLI tool from inference.sh, which is not included in the list of trusted external organizations.
  • [COMMAND_EXECUTION] (MEDIUM): The skill configuration allows the agent to execute any bash command prefixed with infsh, providing the agent with the ability to interact with external APIs and local data through this CLI tool.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it transcribes untrusted audio/video content. 1. Ingestion points: audio_url and video_url in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash(infsh *) allows for shell execution. 4. Sanitization: None detected; transcripts are returned directly to the agent's context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 03:41 AM