ai-podcast-creation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's 'Quick Start' section includes the command curl -fsSL https://cli.inference.sh | sh. This pattern pipes a remote script directly into the shell, allowing immediate and arbitrary code execution from a source outside of the trusted list.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It features a 'NotebookLM-Style Content' workflow that ingests untrusted external data.
  - Ingestion points: Untrusted document content is passed to the agent in the 'NotebookLM-Style Content' section of SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present when interpolating <your-document-content> into the prompt.
  - Capability inventory: The skill has access to Bash(infsh *), as defined in the YAML frontmatter of SKILL.md, which allows it to execute remote applications and local shell commands.
  - Sanitization: No sanitization or validation of the input document is performed before it is processed by the LLM.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly requests and uses the Bash tool to run infsh commands. This provides a broad attack surface for an agent to be manipulated into executing malicious logic via the platform's CLI apps.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on the inference.sh platform for its core functionality. As this domain is not included in the 'Trusted External Sources' list, the automated download and installation of its CLI constitute an unverified dependency risk.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata