Skills
skills/inference-sh-4/skills/ai-voice-cloning/Gen Agent Trust Hub

ai-voice-cloning

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): The skill's 'Quick Start' section instructs the user to run curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous pattern that downloads a script from an untrusted external domain and executes it directly in the shell without any verification. This allows the remote server to execute arbitrary commands on the host system.
  • External Downloads (HIGH): The skill also suggests using npx skills add to install additional packages from the inference-sh namespace. Since this namespace is not part of the trusted external sources list, these downloads are considered unverifiable and risky.
  • Indirect Prompt Injection (LOW): The skill interpolates user-controlled text into shell commands via the infsh app run tool.
  • Ingestion points: Text inputs for voice generation within the SKILL.md examples.
  • Boundary markers: None identified. The skill does not provide delimiters or instructions to the agent to ignore embedded commands in the input text.
  • Capability inventory: The skill has access to the Bash tool to run the infsh CLI.
  • Sanitization: There is no evidence of input validation or escaping for the strings passed to the CLI.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:00 PM