Skills
skills/1nfsh-s3/skills/text-to-speech/Gen Agent Trust Hub

text-to-speech

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a setup script from https://cli.inference.sh and binaries from dist.inference.sh.
  • [REMOTE_CODE_EXECUTION]: The skill uses the command curl -fsSL https://cli.inference.sh | sh, which executes a remote script directly in the shell. This pattern is highly vulnerable to supply chain attacks or interception.
  • [REMOTE_CODE_EXECUTION]: The skill documentation suggests using npx skills add, a command that dynamically downloads and executes remote skill definitions at runtime.
  • [COMMAND_EXECUTION]: The skill requests permission for Bash(infsh *), which allows the AI agent to execute any sub-command of the infsh CLI, potentially leading to unauthorized operations if the input is manipulated.
  • [PROMPT_INJECTION]: The skill processes untrusted text input through CLI commands, creating a surface for indirect prompt injection.
  • Ingestion points: Data is ingested through the --input flag in the infsh app run commands illustrated in SKILL.md.
  • Boundary markers: No delimiters (like XML tags or triple backticks) or "ignore instructions" prompts are used to isolate user text from the agent's instructions.
  • Capability inventory: The skill has the capability to execute shell commands via the Bash tool.
  • Sanitization: There is no evidence of input validation, sanitization, or escaping of the text before it is passed to the command line.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 02:51 AM
Security Audit — agent-trust-hub — text-to-speech