Skills
skills/inferencesh/agent-skills/text-to-speech/Gen Agent Trust Hub

text-to-speech

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The file SKILL.md contains the command curl -fsSL https://cli.inference.sh | sh. This pattern bypasses all security checks by executing an unverified remote script directly in the shell, which is an extremely high-risk operation from an untrusted source.\n- External Downloads (HIGH): The skill relies on the inference.sh domain for its core functionality and CLI installation. This domain is not on the list of trusted external sources, making the downloaded content unverifiable.\n- Command Execution (MEDIUM): The skill requires access to the Bash tool to run infsh commands. Because the infsh binary is installed via an insecure remote script, any execution of this tool is inherently suspect.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:40 PM