ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation includes instructions to install a CLI tool using a piped shell execution pattern.
  - Evidence: curl -fsSL https://cli.inference.sh | sh in the Quick Start section of SKILL.md.
  - Risk: This method executes code directly from a remote server without verification, allowing the owner of the domain to execute arbitrary commands on the user's machine.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on software from a non-trusted external source.
  - Evidence: All tools and installation scripts are hosted on inference.sh.
  - Context: The domain inference.sh is not on the established list of trusted organizations or repositories.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by processing untrusted text data through a powerful CLI tool.
  - Ingestion points: Untrusted text is passed to the text field in infsh app run commands (e.g., in SKILL.md).
  - Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from interpreting instructions embedded within the text to be voiced.
  - Capability inventory: The skill has access to Bash(infsh *), which allows for broad command execution.
  - Sanitization: Absent; no sanitization or escaping of the input text is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata