talking-head-production
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The installation instructions include 'curl -fsSL https://cli.inference.sh | sh'. This pattern downloads a script from the internet and executes it immediately, with no integrity verification (no pinned checksum or signature) and no opportunity to review its contents before they run. Although it is the tool's primary installation method, it is a remote code execution vector: whoever controls the content served at cli.inference.sh controls what runs on the host.
- [EXTERNAL_DOWNLOADS] (HIGH): The domain 'inference.sh' is not on the list of trusted providers. Executing scripts fetched from an unvetted external source can lead to full system compromise.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses a custom CLI tool ('infsh') to interface with remote AI models and local files, and 'SKILL.md' lists it under 'allowed-tools'. This gives the agent a broad capability to execute arbitrary commands through the wrapper.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  1. Ingestion points: untrusted data enters through the 'prompt' and 'input' fields in the 'infsh' command examples in 'SKILL.md'.
  2. Boundary markers: no delimiters around external content and no "ignore embedded instructions" warning are present.
  3. Capability inventory: subprocess calls via 'infsh' are available in every example in 'SKILL.md', so instructions embedded in external content could drive those calls.
  4. Sanitization: no escaping or validation of external content is performed.
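The REMOTE_CODE_EXECUTION finding above describes what is missing from `curl -fsSL https://cli.inference.sh | sh`: a pinned digest and a review step. The script below is an added example of the download-verify-review-run sequence that replaces that one-liner; it is not part of the Trust Hub audit and not the inference.sh project's own installer. The expected SHA-256 value is an assumption and must be obtained out of band (a vendor release page or signed checksum file), never from the same download being verified; the regex in `scan_installer` is a starting list of constructs worth a human look, not a complete one.

```shell
#!/bin/sh
# Added example, not the audit's or the project's code.
# Replaces `curl -fsSL <url> | sh` with: download to a file, verify a pinned
# SHA-256, grep for constructs that deserve review, and only then execute.

# Portable SHA-256 of a file (GNU coreutils sha256sum or BSD/macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Returns 0 when the file's digest equals the pinned value, 1 otherwise.
# The pinned value is an assumption supplied by the caller, obtained out of band.
verify_checksum() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# Prints lines an installer should not contain without a human reading them:
# nested curl|sh or wget|sh, sudo, base64-decoded blobs, eval, edits under
# /etc or to shell rc files. Returns 0 (found) or 1 (nothing flagged).
scan_installer() {
    grep -nE 'curl[^|]*[|][[:space:]]*(ba)?sh|wget[^|]*[|][[:space:]]*(ba)?sh|(^|[[:space:]])sudo[[:space:]]|base64[[:space:]]+(-d|--decode)|(^|[[:space:]])eval[[:space:]]|/etc/|~/\.(bashrc|profile|zshrc)' "$1"
}

# Download to a temp file, verify, scan, run. Exit codes: 1 on download or
# checksum failure, 2 when the scan flagged something, else the script's own.
install_verified() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    if ! curl -fsSL "$url" -o "$tmp"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"; return 1
    fi
    if ! verify_checksum "$tmp" "$expected"; then
        echo "checksum mismatch for $url; refusing to run" >&2
        rm -f "$tmp"; return 1
    fi
    if scan_installer "$tmp"; then
        echo "installer contains the constructs listed above; review before running" >&2
        rm -f "$tmp"; return 2
    fi
    sh "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (network call, so left commented; the digest below is a placeholder
# assumption, not a real value for cli.inference.sh):
# install_verified https://cli.inference.sh \
#     0000000000000000000000000000000000000000000000000000000000000000
```

The point of `install_verified` returning 2 rather than silently continuing is that a scan hit is not proof of malice (many legitimate installers call sudo), only proof that the "thorough review" the recommendation asks for has not happened yet.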
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata