talking-head-production
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The command `curl -fsSL https://cli.inference.sh | sh` is present in the Quick Start section. This pattern downloads and executes code from an untrusted remote source without any integrity or authenticity check, allowing arbitrary code execution on the host machine. Because the script is never written to disk, the user has no opportunity to inspect what will run, and the served content can differ from one fetch to the next.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs dependencies from `https://cli.inference.sh` and `inferencesh/skills` via `npx`. Neither the domain nor the organization is included in the trusted external sources whitelist.
- [COMMAND_EXECUTION] (MEDIUM): The skill frontmatter specifies `allowed-tools: Bash(infsh *)`, which grants the agent permission to execute any subcommand of the `infsh` CLI tool with any arguments. This increases the risk of exploitation if the tool contains vulnerabilities or processes malicious inputs.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection. Untrusted data enters the agent context via the `--input` parameters in `infsh` tool calls (found in `SKILL.md`). There are no boundary markers or sanitization logic to prevent instructions embedded in user-provided prompts from influencing agent behavior during execution.
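The following is an added example, not code from the audited skill or from inference.sh, showing the check a reviewer would substitute for the `curl ... | sh` line: download the installer to a file, compare it against a SHA-256 digest the operator pinned after reading the script, and only then execute it. The installer URL is the one cited in the finding; the expected digest is a placeholder the operator must record themselves, since neither this audit nor the page supplies one.

```shell
#!/bin/sh
# Added example: replace `curl -fsSL <url> | sh` with download, pin-and-verify,
# then explicit execution. Nothing here is published by inference.sh; the
# digest passed to fetch_verify_run is a value the reviewer records after
# reading the downloaded script once.

# Portable SHA-256: GNU coreutils ships sha256sum, BSD/macOS ship shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 only when the file's digest equals the pinned value; otherwise
# prints both digests to stderr and returns 1 so callers refuse to run it.
verify_installer() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_run URL EXPECTED_SHA256
# Downloads to a temp file over HTTPS only, verifies the pinned digest, and
# executes the file on disk. The script is never piped straight into sh.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || return 1
    verify_installer "$tmp" "$expected" || return 1
    sh "$tmp"
}

# Usage (digest is a placeholder the operator fills in after review):
#   fetch_verify_run https://cli.inference.sh <pinned-sha256>
```

A pinned digest turns the silent "whatever the server sent" into an explicit decision: if the vendor changes the installer, the mismatch forces a fresh review rather than a silent re-execution. A signature check (for example, a detached PGP or minisign signature, if the vendor provides one) would be stronger still, but this page does not indicate that inference.sh publishes either a digest or a signature.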
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata