Skills
skills/inferencesh/skills/ai-music-generation/Gen Agent Trust Hub

ai-music-generation

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill contains instructions to execute a shell script downloaded from an external URL (https://cli.inference.sh) using the curl | sh pattern. This is a high-risk pattern as it allows arbitrary code execution from a source that is not verified or trusted according to established security policies.- [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on an installation script from an external, untrusted domain (inference.sh) rather than a secure, versioned package manager or a trusted repository.- [COMMAND_EXECUTION] (MEDIUM): The skill requires the Bash tool and grants permissions to run the infsh command. This capability is used to interact with the downloaded binary, creating a dependency on the integrity of the remotely fetched code.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 01:07 AM