ai-podcast-creation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill includes the command
curl -fsSL https://cli.inference.sh | shin its Quick Start instructions. This pattern is a major security risk as it downloads and executes code from an unverified external server (inference.sh) directly into the shell, bypassing all security reviews and integrity checks. - Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill references multiple external packages via
npx skills add inference-sh/skills, which involves the dynamic installation and execution of code from a third-party source not listed in the trusted organizations or repositories list. - Command Execution (MEDIUM): The skill requests
Bash(infsh *)tool permissions. Since theinfshbinary is installed via the aforementioned unverified script, this grants the agent the capability to perform arbitrary operations defined by a potentially malicious remote source.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata