content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains the instruction curl -fsSL https://cli.inference.sh | sh. This is a classic 'curl pipe bash' pattern that downloads and executes code from a remote server without verification. Since 'inference.sh' is not a trusted source, this is a high-risk finding.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill suggests adding external dependencies using npx skills add inference-sh/skills@.... These packages are sourced from an unverified organization and lack integrity checks or version pinning.
- [COMMAND_EXECUTION] (LOW): The skill requires broad execution permissions for the infsh command in the Bash tool (allowed-tools: Bash(infsh *)), which allows it to run arbitrary sub-applications on the remote platform.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection where malicious instructions could be embedded in the content being repurposed.
  - Ingestion points: External files (e.g., episode-42.mp3) and raw blog/transcript text are processed by the skill in SKILL.md.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands when passing data to tools.
  - Capability inventory: The skill can perform shell execution, interact with cloud-based AI models, and post to social media (e.g., x/post-create).
  - Sanitization: Absent. Content is directly interpolated into command arguments and prompts for TTS and image generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata