text-to-speech
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to execute `curl -fsSL https://cli.inference.sh | sh` to install the required software.
  - Evidence: Found in the Quick Start section of `SKILL.md`.
  - Risk: The domain `inference.sh` is not a trusted source. Downloading and immediately executing code from the internet without integrity checks (like checksums) or manual review can lead to full system compromise if the source is malicious or compromised.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests broad permissions for the `infsh` command via `allowed-tools: Bash(infsh *)`.
  - Evidence: Defined in the YAML frontmatter of `SKILL.md`.
  - Risk: This grants the AI agent the ability to run any subcommand of the `infsh` CLI. Since the CLI itself is installed via an untrusted script, this expands the attack surface for malicious operations on the local host.
- [DATA_EXFILTRATION] (LOW): The instructions include a mandatory `infsh login` step.
  - Evidence: `SKILL.md` (Quick Start).
  - Risk: CLI login commands typically involve the creation or management of sensitive API tokens or session credentials. Using an unverified third-party CLI increases the risk of credential theft or exposure.
- [EXTERNAL_DOWNLOADS] (LOW): The skill's primary functionality is dependent on external binaries and scripts from an untrusted third-party domain.
  - Evidence: References to `inference.sh` throughout the markdown.
  - Risk: The skill relies on infrastructure that is not part of the trusted environment, creating a dependency on the security posture of an external entity.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata