ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill instructs the user to run `curl -fsSL https://cli.inference.sh | sh`. This pattern executes a remote script from an untrusted source (https://cli.inference.sh) directly in the shell, bypassing security reviews and allowing full system compromise.
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted data which could lead to malicious instruction following if the input is manipulated. Evidence: (1) Ingestion points: The `input` field in various `infsh app run` examples in `SKILL.md`. (2) Boundary markers: None present. (3) Capability inventory: Uses the `Bash(infsh *)` tool which can be exploited if the CLI itself is compromised. (4) Sanitization: No validation or escaping of input strings is performed.
- [Command Execution] (HIGH): The skill grants access to the `Bash` tool for `infsh` commands. Since `infsh` is installed via an untrusted remote script, this effectively grants the remote source persistent ability to influence the agent's tool execution.
- [External Downloads] (MEDIUM): The skill references multiple external packages via `npx skills add` from `inference-sh/skills`, which is not a verified trusted source.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata