content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains the command
curl -fsSL https://cli.inference.sh | sh. This pattern downloads a script from the internet and pipes it directly into a shell for execution without any verification. Becauseinference.shis not an approved trusted source, this allows the remote server to execute arbitrary malicious code on the user's system. - [EXTERNAL_DOWNLOADS] (HIGH): The skill references several external packages using
npx skills add inferencesh/skills@.... These are unverifiable dependencies from an untrusted third-party source, presenting a significant supply chain risk. - [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest external content (blogs, podcasts) and repurpose it for social media.
- Ingestion points: Processes external long-form source text via CLI tools.
- Capability inventory: Has capabilities to post to social media (
x/post-create) and run various generative AI models. - Boundary markers: None present in the provided examples.
- Sanitization: No sanitization is mentioned. An attacker could embed instructions in a blog post that would cause the agent to post unauthorized content or exfiltrate information via the
infshtool.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata