ai-social-media-content

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation instructs users to execute a remote script via 'curl -fsSL https://cli.inference.sh | sh'. This is an unauthenticated piped-to-shell pattern from an untrusted source (inference.sh is not in the whitelist), allowing the remote server to execute arbitrary commands on the host system.
  • EXTERNAL_DOWNLOADS (HIGH): The 'Related Skills' section encourages adding multiple external skills from 'inference-sh/skills' using 'npx skills add'. These sources are unverified and outside the trusted organization scope.
  • COMMAND_EXECUTION (HIGH): The skill allows 'Bash(infsh *)' as a tool. The provided examples show shell variable interpolation (e.g., '$CONCEPT', '$topic') directly into JSON strings within shell commands. This lacks sanitization and allows for command injection if the user-provided variables contain characters like backticks, semicolons, or quotes.
  • PROMPT_INJECTION (HIGH): The 'Talking Head Content' workflow (Category 8) ingests untrusted data from an external AI model (Claude) and pipes it directly into subsequent tools ('kokoro-tts') and shell environments without boundary markers or validation. If the model output is poisoned, it could lead to indirect prompt injection or unintended tool behavior.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 05:50 AM