dialogue-audio
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains instructions to run
curl -fsSL https://cli.inference.sh | sh. This is a classic piped-to-shell remote code execution pattern that allows an external website to run arbitrary commands on the user's system. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an external domain
inference.shwhich is not part of the trusted organization list. Dependencies or scripts fetched from this source are considered unverifiable. - [COMMAND_EXECUTION] (LOW): The skill documentation provides various shell commands using the
infshtool. While this is the intended purpose of the skill, it relies on the previously executed untrusted script.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata