Skills
skills/ascend-ai-coding/awesome-ascend-skills/inferencex-report/Gen Agent Trust Hub

inferencex-report

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/inferencex_api_report.py employs the eval() function within the load_previous_data function to process data keys from JSON files in the data/ directory. If an attacker gains the ability to modify these local data files, they could achieve arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run() to execute the system curl binary for data retrieval in scripts/inferencex_api_report.py. This pattern relies on external system utilities and creates a potential command injection surface if the parameters were to be influenced by untrusted sources.
  • [CREDENTIALS_UNSAFE]: Instructions in SKILL.md and references/configuration.md recommend that users edit the Python script to hardcode sensitive information such as SENDER_PASSWORD and SMTP_PASSWORD. This practice exposes credentials in plain text within the source code, increasing the risk of accidental exposure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 06:56 AM
Security Audit — agent-trust-hub — inferencex-report