ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the user to execute
curl -fsSL https://cli.inference.sh | sh. This is a classic remote code execution (RCE) vector where a shell script is downloaded and immediately executed without prior review. - Evidence:
curl -fsSL https://cli.inference.sh | shin SKILL.md. - EXTERNAL_DOWNLOADS (CRITICAL): The domain
inference.shis not a trusted source according to security protocols. Downloading and running executables from unknown third-party domains poses a high risk of malware infection. - COMMAND_EXECUTION (HIGH): The skill makes extensive use of the
Bashtool to run theinfshCLI. This provides a broad attack surface where the agent could be manipulated into executing unintended system commands. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Processes external data such as
<blog-content>and<script-text>in the 'Blog to Video Pipeline'. - Boundary markers: Absent. External data is interpolated directly into JSON payloads for LLM tools.
- Capability inventory: Access to network-enabled tools (
infsh app run) and file system operations (redirecting output to.jsonfiles). - Sanitization: None detected. The skill assumes input data is benign.
- DYNAMIC EXECUTION (MEDIUM): The skill uses shell loops and variable interpolation to build command strings at runtime (e.g.,
infsh app run ... --input "{\"prompt\": \"Visual representing point $i: <point-text>\"}"). This can lead to command injection if the variables contain shell metacharacters.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata