ai-social-media-content
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent or user to install a tool using the command `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk pattern that executes a remote script from an untrusted domain without user inspection, allowing arbitrary code execution on the host system.
- [COMMAND_EXECUTION]: The skill requires the `Bash(infsh *)` capability. It uses this to execute complex shell commands, including for-loops to batch-process content and file redirection (`>`) to store JSON outputs locally. While aligned with the skill's purpose, this provides a significant attack surface if the input data is compromised.
- [EXTERNAL_DOWNLOADS]: The installation process fetches pre-compiled binaries from `dist.inference.sh`. Although the documentation claims checksum verification is performed, the integrity of the initial installation script (`cli.inference.sh`) remains a single point of failure.
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a multi-step workflow where the output from one AI model (e.g., Claude) is saved to a file (`script.json`) and then used as input for another tool (`infsh app run infsh/kokoro-tts`).
  - Ingestion points: Untrusted data from AI model responses is saved to `script.json` and `voice.json` (SKILL.md).
  - Boundary markers: None present; the content is interpolated directly into subsequent command inputs.
  - Capability inventory: Subprocess calls via `infsh`, file-write operations via Bash redirection.
  - Sanitization: No evidence of escaping or validation of the content before it is passed to the next stage of the pipeline.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata