text-to-speech

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly instructs the agent to execute curl -fsSL https://cli.inference.sh | sh. This is a classic 'pipe to shell' pattern: whatever the remote server returns is executed on the host machine without verification or integrity checks, so the server (or anyone who can tamper with the download) can run arbitrary code.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on software downloaded from inference.sh, which is not listed as a trusted external source. This introduces significant supply chain risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the infsh CLI tool for its primary operations. Since the installation of this tool is unverified, all subsequent commands (infsh app run, infsh login) are executed through a potentially compromised binary.
  • [DATA_EXFILTRATION] (LOW): The infsh login command indicates that the tool handles user credentials. While no explicit exfiltration of local files (like SSH keys) is present in the markdown, the opaque nature of the installed CLI poses a risk of credential harvesting.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill takes arbitrary text input and passes it to external AI models via the CLI. If the agent processes untrusted data (e.g., from a website) and passes it to this skill, it could trigger unexpected behavior, though the risk is mitigated by LLM guardrails.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 11:22 AM