Skills
skills/inferencesh/skills/ai-podcast-creation/Gen Agent Trust Hub

ai-podcast-creation

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill contains the command curl -fsSL https://cli.inference.sh | sh, which downloads and executes a script from an external, untrusted source directly in the system shell. This is a classic RCE pattern as the contents of the script are not verified prior to execution.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx skills add to install additional components from the inference-sh/skills namespace. These dependencies are not from a verified trusted source.
  • COMMAND_EXECUTION (MEDIUM): The skill makes extensive use of the infsh command-line interface to invoke remote applications (infsh app run). This creates a dependency on remote execution environments where the actual logic is opaque and controlled by an external provider.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 11:22 AM