ai-voice-cloning
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing the `infsh` CLI tool using `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly insecure as it executes a remote script from a third-party domain without local verification or auditing.
- [EXTERNAL_DOWNLOADS]: The skill documentation mentions downloading binaries and checksums from `dist.inference.sh`. It also suggests adding related skills via `npx skills add inference-sh/skills@...`, which fetches external code at runtime.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the `infsh` binary through the `Bash` tool. The security of these commands depends entirely on the integrity of the downloaded binary and the remote environment it interacts with.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating user-provided text into shell commands for the `infsh` tool. There are no boundary markers or sanitization logic present to prevent embedded instructions in the text from influencing the tool's behavior.
  - Ingestion points: The `--input` JSON payload in multiple bash examples (e.g., `SKILL.md`).
  - Boundary markers: Absent.
  - Capability inventory: Access to the `Bash` tool for running `infsh` commands.
  - Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata