ai-content-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly recommends running curl -fsSL https://cli.inference.sh | sh. This executes a script directly from a remote, untrusted domain in the user's shell environment, granting the external source potential full control over the system.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on downloading and executing software from inference.sh, which is not a recognized trusted organization or repository within the defined security scope.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the Bash tool to run various infsh commands, providing the agent with broad system-level execution capabilities that could be abused if malicious data is processed.
- PROMPT_INJECTION (LOW): The multi-step media pipeline is vulnerable to indirect prompt injection.
  1. Ingestion points: The workflow ingests untrusted data from external model outputs (e.g., script.json, image.json).
  2. Boundary markers: No delimiters or safety instructions are used to separate ingested data from command parameters during interpolation.
  3. Capability inventory: The skill can execute complex shell commands and manage file outputs.
  4. Sanitization: No sanitization or validation of external content is performed before it is interpolated into subsequent processing steps.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata