speech-to-text
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill's 'Quick Start' section explicitly directs the execution of a remote script using the command `curl -fsSL https://cli.inference.sh | sh`. This 'curl-to-shell' pattern is a significant security risk as it executes unverified code from an external domain (inference.sh) that is not included in the trusted source list.
- COMMAND_EXECUTION (MEDIUM): The skill requires the `Bash` tool with `infsh *` permissions. This allows the agent to execute any subcommand of the `infsh` CLI, which may have capabilities for file system access, network operations, or credential management (as seen in `infsh login`).
- EXTERNAL_DOWNLOADS (LOW): The skill relies on software downloaded from a non-whitelisted external domain (inference.sh). While necessary for the skill's function, it introduces a dependency on an unverified third party.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Audio and video URLs (`audio_url`, `video_url`) provided as input to the transcription models.
  - Boundary markers: Absent. There are no instructions to ignore spoken commands within the audio or delimiters to separate data from instructions.
  - Capability inventory: The skill has the ability to run shell commands (`infsh`) and pipe outputs to other applications.
  - Sanitization: None. The transcription results (which could contain malicious instructions from the audio) are directly processed and used in subsequent steps, such as subtitle generation or further CLI commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata