ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user to install the inference.sh CLI by piping a script from an unverified remote URL directly to the shell (curl -fsSL https://cli.inference.sh | sh). This is a confirmed high-risk execution pattern.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires Bash(infsh *) permissions to execute commands via the externally installed and unverified CLI tool.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx to fetch and add additional unverified skills from the inference-sh/skills repository.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. (1) Ingestion points: Prompt inputs interpolated into infsh app run commands. (2) Boundary markers: Absent. (3) Capability inventory: Shell command execution via Bash. (4) Sanitization: None.
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 11:03 PM