content-repurposing
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install its core dependency by piping a remote script from https://cli.inference.sh directly into the shell (curl -fsSL ... | sh). This pattern is a high-risk security practice as it allows for the execution of arbitrary, unverified code on the host system.
- [EXTERNAL_DOWNLOADS]: The skill downloads binary executables and additional configuration files from the inference.sh and dist.inference.sh domains during both installation and runtime operations.
- [COMMAND_EXECUTION]: The skill relies on the execution of the infsh CLI tool to perform its primary functions. This involves spawning subprocesses and passing user-provided or externally sourced data as command-line arguments and JSON payloads.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by design. It is built to ingest and process long-form external content such as blog posts, podcast transcripts, and video scripts from potentially untrusted sources.
  - Ingestion points: Workflow instructions in SKILL.md identify blog posts, podcasts, and video transcripts as primary data inputs.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided tool call examples.
  - Capability inventory: The skill uses the infsh tool which has capabilities including image generation, text-to-speech, and social media account interaction (e.g., posting to X/Twitter).
  - Sanitization: There is no evidence of input validation, escaping, or sanitization before external content is interpolated into the CLI command inputs.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata