ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user or agent to install the required command-line interface using
curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script directly in the shell without prior inspection. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npx skills addto fetch and install additional modules from theinference-sh/skillsrepository, introducing external code dependencies into the environment. - [COMMAND_EXECUTION]: The skill relies on the
infshCLI tool to execute various audio processing tasks, including voice cloning and media merging, via theBashtool. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user data (the
textfield for voice generation) which is then passed into command-line tools. - Ingestion points: User-provided text for TTS generation in
SKILL.mdexamples. - Boundary markers: Commands use JSON structures for input which provide some segmentation, but lack explicit instructions to ignore embedded commands.
- Capability inventory: The skill uses
Bash(infsh *)to execute platform-specific commands. - Sanitization: No explicit sanitization or escaping of the input text is documented within the skill instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata