ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly recommends running curl -fsSL https://cli.inference.sh | sh. This executes a script directly from a remote, untrusted domain in the user's shell environment, granting the external source potential full control over the system.\n- EXTERNAL_DOWNLOADS (HIGH): The skill relies on downloading and executing software from inference.sh, which is not a recognized trusted organization or repository within the defined security scope.\n- COMMAND_EXECUTION (MEDIUM): The skill utilizes the Bash tool to run various infsh commands, providing the agent with broad system-level execution capabilities that could be abused if malicious data is processed.\n- PROMPT_INJECTION (LOW): The multi-step media pipeline is vulnerable to indirect prompt injection. 1. Ingestion points: The workflow ingests untrusted data from external model outputs (e.g., script.json, image.json). 2. Boundary markers: No delimiters or safety instructions are used to separate ingested data from command parameters during interpolation. 3. Capability inventory: The skill can execute complex shell commands and manage file outputs. 4. Sanitization: No sanitization or validation of external content is performed before it is interpolated into subsequent processing steps.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:01 AM
Security Audit — agent-trust-hub — ai-content-pipeline