ai-podcast-creation
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the inference.sh CLI using
curl -fsSL https://cli.inference.sh | sh. This is a critical security risk as it executes an unverified script from a remote source with the user's shell privileges.\n- [COMMAND_EXECUTION]: The skill is configured withallowed-tools: Bash(infsh *), which permits the execution of any command starting with theinfshbinary. This broad permission increases the impact if the tool or its environment is compromised.\n- [EXTERNAL_DOWNLOADS]: Several external resources are downloaded from subdomains ofinference.sh. Since these domains are not recognized as trusted or well-known services in the provided security context, they are treated as untrusted external downloads.\n- [PROMPT_INJECTION]: The skill workflows, particularly 'Full Episode Pipeline' and 'NotebookLM-Style Content', interpolate raw user-provided document content into prompts for Claude. This creates a significant surface for indirect prompt injection.\n - Ingestion points: User-provided document content is read and passed to the
openrouter/claude-sonnet-45tool withinSKILL.md.\n - Boundary markers: There are no explicit markers or 'ignore' instructions used to wrap the untrusted content.\n
- Capability inventory: The agent has access to the
infshtool for audio generation and file management.\n - Sanitization: There is no sanitization of the input text before it is processed by the AI models.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata