ai-music-generation
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The file SKILL.md contains the instruction 'curl -fsSL https://cli.inference.sh | sh', which downloads a script and pipes it directly to the shell. This is a critical security risk as it allows an untrusted third party to execute arbitrary code on the user's system.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill installs and relies on a CLI tool ('infsh') from inference.sh, a domain that is not included in the trusted organizations or repositories list, creating a significant supply chain vulnerability.
- [COMMAND_EXECUTION] (HIGH): The skill requests broad shell permissions via 'allowed-tools: Bash(infsh *)', enabling the agent to perform a wide range of system actions through the installed binary.
- [DATA_EXFILTRATION] (MEDIUM): The inclusion of 'infsh login' suggests the tool handles authentication and session management with an external service, which could lead to the exposure or exfiltration of sensitive credentials.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: User-provided music prompts in the '--input' CLI argument. 2. Boundary markers: Absent (uses JSON structure but lacks instructions to ignore embedded commands). 3. Capability inventory: Shell command execution via the infsh tool. 4. Sanitization: No sanitization or escaping of user input is present in the skill definition.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata