ai-music-generation
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a command to install the vendor's CLI tool via
curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script directly in the shell. Analysis of the vendor context shows that the URL belongs to the skill author's infrastructure (inference.sh), and the script is used for legitimate environment detection and binary installation. - [COMMAND_EXECUTION]: The skill uses the
infshcommand-line utility to run AI models. The execution environment is restricted to this specific tool via theallowed-toolsfrontmatter configuration, which limits the potential for arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The installation process downloads compiled binaries from
dist.inference.sh. The skill documentation notes that these downloads are verified with SHA-256 checksums to ensure integrity.
Audit Metadata