Skills
skills/tul-sh/skills/text-to-speech/Gen Agent Trust Hub

text-to-speech

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions utilize a 'curl to shell' pattern (curl -fsSL https://cli.inference.sh | sh) which executes a remote script without prior verification or checksum validation of the script itself.
  • [EXTERNAL_DOWNLOADS]: The skill guides the agent or user to download the infsh binary and supporting configuration files from the inference.sh domain and its subdomains (dist.inference.sh).
  • [COMMAND_EXECUTION]: The skill explicitly requests permission to use the Bash tool with the infsh command prefix. It uses this tool to manage logins, run speech synthesis models, and handle file outputs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 10:41 AM