pitch-deck-visuals

Fail

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation provides a setup command that downloads a script from https://cli.inference.sh and pipes it directly into the shell (curl -fsSL https://cli.inference.sh | sh). This is a high-risk pattern that executes unverified code on the host system without manual review.
  • [EXTERNAL_DOWNLOADS]: The instructions suggest using npx to fetch and execute additional skills from an external source (inferencesh/skills), which introduces unverified third-party code into the execution environment.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to interact with the infsh CLI. It includes several examples of sending Python code as strings to a remote executor (infsh/python-executor). While the examples provided use matplotlib for generating charts, the underlying mechanism allows for the execution of dynamic code logic on a remote service.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Jun 21, 2026, 06:50 PM