The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the user to install the vendor's CLI tool using a piped shell script execution pattern: curl -fsSL https://cli.inference.sh | sh. This pattern executes code directly from a remote server without automatic verification. While common for CLI installations, it represents a risk as the script's content is determined at runtime by the remote server. The skill also suggests using npx to add related skills from a vendor-controlled repository, which involves downloading and executing code at runtime.
[EXTERNAL_DOWNLOADS]: The skill performs multiple network operations to fetch external resources, including the CLI installation script from cli.inference.sh, manual installation binaries and checksums from dist.inference.sh, and additional modular skills via npx from the vendor's repository. These downloads are central to the skill's functionality.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute infsh commands for image generation and market research. The execution environment is restricted by the allowed-tools configuration to only permit commands starting with infsh, which is a positive security constraint.
[PROMPT_INJECTION]: The skill integrates with external search tools (e.g., tavily/search-assistant) to fetch competitor data, creating an indirect prompt injection surface.
Ingestion points: External search results from the tavily/search-assistant app are read into the agent's context.
Boundary markers: None identified; the instructions do not implement delimiters or warnings to treat external results as untrusted data.
Capability inventory: The agent has the ability to execute infsh commands (Bash) to generate images and perform further research based on search outputs.
Sanitization: There is no evidence of sanitization or validation of the content retrieved from external search providers.

landing-page-design