agent-tools
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation repeatedly references downloading a CLI tool via
curl -fsSL https://cli.inference.sh | sh. While this is a remote script execution pattern, it is the standard installation method for the service the skill represents and targets a primary domain associated with the skill author. - REMOTE_CODE_EXECUTION (LOW): The piped installation command (
| sh) is flagged as a remote execution pattern. However, per security guidelines for trusted sources/established services, this is considered a low risk in the context of a tool installation step for a documented service. - COMMAND_EXECUTION (SAFE): The skill utilizes the
Bashtool to executeinfshcommands. These commands are restricted to theinfshnamespace and are used for interacting with the platform's API (e.g., listing apps, running inference tasks). This behavior is consistent with the skill's stated purpose.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata