speech-to-text
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the user to execute `curl -fsSL https://cli.inference.sh | sh`. This is a highly dangerous pattern that downloads and runs code from the internet without any verification or isolation. The source domain (inference.sh) is not on the list of trusted providers.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on external software and additional skills downloaded via `npx skills add` from unverified sources, creating a significant supply chain risk.
- COMMAND_EXECUTION (MEDIUM): The skill metadata grants permission to use the `Bash` tool for the `infsh` command namespace. This enables the agent to execute shell commands using a tool installed via an insecure remote script.
- PROMPT_INJECTION (LOW): The skill has an attack surface for indirect prompt injection as it processes untrusted audio and video URLs.
  - Ingestion points: `audio_url` and `video_url` parameters in `SKILL.md`.
  - Boundary markers: None present to distinguish data from instructions.
  - Capability inventory: Shell command execution via `Bash(infsh *)` as defined in `SKILL.md`.
  - Sanitization: No sanitization or validation of external input content is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats