Skills
skills/tul-sh/skills/ai-content-pipeline/Gen Agent Trust Hub

ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool using a piped shell command: curl -fsSL https://cli.inference.sh | sh. This pattern downloads and executes code directly from a remote server. While the documentation provides a note on what the script does (detecting OS/architecture and downloading a binary), executing unverified remote scripts carries inherent risks.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the infsh command-line tool via the Bash tool. It executes various subcommands like infsh login, infsh app run, and infsh app list to manage AI workflows and interact with external models (e.g., Claude, FLUX, Kokoro).
  • [EXTERNAL_DOWNLOADS]: The installation process involves downloading a binary executable from dist.inference.sh. The skill documentation mentions that the install script verifies SHA-256 checksums, which is a positive security practice for ensuring file integrity.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 12:29 PM