ai-podcast-creation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The file SKILL.md contains an installation command `curl -fsSL https://cli.inference.sh | sh`. This pattern downloads and executes code from an unverified remote source (cli.inference.sh is not a trusted domain) directly in the system shell, allowing for complete system compromise.
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface where untrusted data is processed.
  1. Ingestion points: SKILL.md workflows ingest `<your-document-content>` and `<podcast-script>`.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands.
  3. Capability inventory: The skill uses the `Bash(infsh *)` tool, allowing it to execute any command on the inference.sh platform.
  4. Sanitization: Absent; external content is interpolated directly into prompts for Claude-Sonnet-4.5. This allows a malicious document to hijack the agent's flow or manipulate CLI outputs.
- External Downloads (HIGH): The skill promotes the installation of additional unverified skills from inference-sh/skills via `npx skills add`. These sources are outside the trusted scope and represent an unverified dependency risk.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata