product-hunt-launch
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation refers users to an external GitHub repository (inference-sh) to download and install the
infshCLI tool. This is an unverified third-party dependency. - [REMOTE_CODE_EXECUTION]: The skill includes commands to install additional skills using
npx skills add. These skills are fetched from theinference-shorganization, which is not a verified vendor. - [DATA_EXFILTRATION]: User-provided prompts and search queries are sent to external services (including Fal.ai, Tavily, and Exa) via the
infshtool. While consistent with the skill's purpose, this represents data transmission to third-party endpoints. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted search results from the web.
- Ingestion points: Search results from
tavily/search-assistantandexa/searchare incorporated into the agent's context. - Boundary markers: No explicit boundary markers or delimiters are used to separate untrusted search data from system instructions.
- Capability inventory: The skill utilizes the
infshCLI tool to run various AI applications based on instructions. - Sanitization: No evidence of sanitization or filtering of external search content is present.
- [METADATA_POISONING]: A suspicious inconsistency (typosquatting indicator) was found between
SOURCE.mdandSKILL.md. The source metadata referencesinferen-sh(missing the 'ce'), while the skill body and GitHub links referenceinference-sh. This pattern is characteristic of attempts to impersonate legitimate services.
Audit Metadata