content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Remote Code Execution (CRITICAL): The skill explicitly instructs the execution of `curl -fsSL https://cli.inference.sh | sh`. This is a confirmed remote code execution pattern that pipes unverified content from a non-trusted domain directly into a shell interpreter.
- External Downloads (MEDIUM): The skill attempts to install multiple external packages using `npx skills add inference-sh/skills@...`. Since inference-sh is not a trusted organization, these dependencies are unverifiable and could contain malicious code.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data (blog posts, transcripts) and utilize it in downstream tasks like social media posting.
  - Ingestion points: Processes external blog content and audio transcriptions via `infsh` apps.
  - Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from obeying instructions embedded in the content being repurposed.
  - Capability inventory: The skill has access to `Bash(infsh *)`, which allows for network-connected actions like posting to X/Twitter (`x/post-create`) and generating media.
  - Sanitization: Absent; the skill does not show any signs of escaping or validating the input data before passing it to generative tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata