ai-social-media-content
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (HIGH): The skill instructs users and agents to execute 'curl -fsSL https://cli.inference.sh | sh'. This piped-to-shell pattern from an untrusted domain allows for arbitrary code execution on the host system without prior verification.
- [External Downloads] (MEDIUM): The skill uses 'npx skills add' to dynamically fetch and install remote AI skills from the 'inferencesh' repository. This bypasses static auditing of dependencies and introduces a risk of third-party code injection.
- [Command Execution] (MEDIUM): The skill is configured with 'allowed-tools: Bash(infsh *)', granting it permission to execute broad system commands through the 'infsh' CLI, which could be leveraged for persistence or privilege escalation if the remote CLI is compromised.
- [Indirect Prompt Injection] (LOW): The skill passes untrusted user-provided concepts and topics (e.g., the 'CONCEPT' and 'TOPICS' variables) directly into prompts for large language models (Claude) and image generators (FLUX) without boundary markers, escaping, or sanitization, creating a surface for indirect prompt injection.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats