ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill executes remote code from an untrusted source by piping a curl response to the shell (curl -fsSL https://cli.inference.sh | sh). This allows for arbitrary code execution with the user's privileges without prior verification of the script content.
- EXTERNAL_DOWNLOADS (CRITICAL): The installation script and subsequent binary dependencies are fetched from cli.inference.sh, which is not a verified or trusted domain according to the security policy.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it interpolates untrusted user text into command-line arguments without sanitization or boundary markers.
  - Ingestion points: SKILL.md (various lines) where text for voice synthesis is passed to the --input flag of the infsh CLI.
  - Boundary markers: Absent; no specific instructions or delimiters are used to ensure the agent treats input as literal data.
  - Capability inventory: Shell execution of the infsh binary via the Bash tool.
  - Sanitization: Absent; no input validation is performed.
- COMMAND_EXECUTION (MEDIUM): The skill requires the Bash(infsh *) tool, granting it the capability to execute a custom binary that performs remote network operations and processes data on an external platform.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata