content-repurposing
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to executeinfshCLI commands. This is the primary method for interacting with the inference.sh platform to run AI models for image, video, and text generation. - [EXTERNAL_DOWNLOADS]: The skill references an external installation guide at
https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.mdfor the requiredinfshCLI. It also suggests extending capabilities by adding other skills from theinference-shorganization usingnpx. - [DATA_EXFILTRATION]: The skill includes functionality to post content to external social media platforms, specifically demonstrated with the
x/post-createapplication for Twitter/X. This is an intended feature for content distribution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user content (such as blog posts and podcast transcripts) to generate social media outputs.
- Ingestion points: User-provided source content like blog posts, podcast transcripts, and video descriptions processed in the conversion recipes in
SKILL.md. - Boundary markers: Absent; the instructions do not include delimiters or specific warnings for the agent to ignore instructions embedded within the source content.
- Capability inventory: The skill uses the
Bashtool to executeinfsh app runcommands, which can generate AI content and post directly to social media platforms. - Sanitization: None; there are no documented steps for validating or escaping external content before it is interpolated into model prompts or passed to the CLI.
Audit Metadata