skills/skill-zero/s/agent-tools/Gen Agent Trust Hub

agent-tools

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill documentation repeatedly references downloading a CLI tool via curl -fsSL https://cli.inference.sh | sh. While this is a remote script execution pattern, it is the standard installation method for the service the skill represents and targets a primary domain associated with the skill author.
  • REMOTE_CODE_EXECUTION (LOW): The piped installation command (| sh) is flagged as a remote execution pattern. However, per security guidelines for trusted sources/established services, this is considered a low risk in the context of a tool installation step for a documented service.
  • COMMAND_EXECUTION (SAFE): The skill utilizes the Bash tool to execute infsh commands. These commands are restricted to the infsh namespace and are used for interacting with the platform's API (e.g., listing apps, running inference tasks). This behavior is consistent with the skill's stated purpose.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 04:38 AM
Security Audit — agent-trust-hub — agent-tools