content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The installation command `curl -fsSL https://cli.inference.sh | sh` downloads a script from an untrusted source and executes it directly in the system shell. This pattern is a major security vulnerability as the remote content is not cryptographically signed or verified before execution.
- EXTERNAL_DOWNLOADS (HIGH): The skill uses `npx skills add` to fetch multiple packages (`inference-sh/skills@...`) from a source not included in the Trusted External Sources list. This introduces a supply chain risk where malicious code could be introduced via these external dependencies.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes a custom CLI tool (`infsh`) within Bash to perform operations like login, application execution, and social media posting. The skill requires full access to this tool, which can execute a wide variety of unverified remote AI applications.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its core functionality of processing external data.
  - Ingestion points: The skill ingests untrusted long-form content such as blog posts and podcast transcripts.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when passing content to the conversion tools.
  - Capability inventory: The skill can execute commands, generate images/video, and post to social media platforms via the `infsh` CLI.
  - Sanitization: No evidence of sanitization or validation of the input content is provided before it is interpolated into tool commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata