content-repurposing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill contains the instruction curl -fsSL https://cli.inference.sh | sh. This is a classic 'curl pipe bash' pattern that downloads and executes code from a remote server without verification. Since 'inference.sh' is not a trusted source, this is a high-risk finding.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill suggests adding external dependencies using npx skills add inference-sh/skills@.... These packages are sourced from an unverified organization and lack integrity checks or version pinning.
  • [COMMAND_EXECUTION] (LOW): The skill requires broad execution permissions for the infsh command in the Bash tool (allowed-tools: Bash(infsh *)), which allows it to run arbitrary sub-applications on the remote platform.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection where malicious instructions could be embedded in the content being repurposed.
      • Ingestion points: External files (e.g., episode-42.mp3) and raw blog/transcript text are processed by the skill in SKILL.md.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands when passing data to tools.
      • Capability inventory: The skill can perform shell execution, interact with cloud-based AI models, and post to social media (e.g., x/post-create).
      • Sanitization: Absent. Content is directly interpolated into command arguments and prompts for TTS and image generation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 11:01 AM