ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The SKILL.md file includes a command to install the CLI using curl -fsSL https://cli.inference.sh | sh. Piped execution of remote scripts from untrusted domains is a critical security vulnerability as it allows for arbitrary code execution with the user's privileges.
- EXTERNAL_DOWNLOADS (HIGH): The skill initiates downloads from https://cli.inference.sh and recommends adding more skills via npx skills add inferencesh/skills. This domain is not recognized as a trusted source, presenting a risk of software supply chain compromise.
- COMMAND_EXECUTION (MEDIUM): The skill requires the Bash tool and performs multiple infsh command executions to process data and generate content, creating a significant attack surface.
- PROMPT_INJECTION (LOW): The skill implements a multi-step pipeline where the output of one model is fed directly into another tool, making it vulnerable to indirect prompt injection.
  - Ingestion points: Processes data from multiple intermediate files like script.json, summary.json, and various image/video JSON outputs.
  - Boundary markers: No delimiters or safety instructions are used when interpolating model outputs into subsequent command inputs.
  - Capability inventory: Uses Bash to execute platform tools and manage file outputs.
  - Sanitization: There is no evidence of sanitization or validation of the AI-generated content before it is processed in the next stage of the pipeline.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata