ai-automation-workflows

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses the pattern curl -fsSL https://cli.inference.sh | sh, which is a confirmed piped remote execution vulnerability. This allows the untrusted domain inference.sh to execute arbitrary code on the host machine.
  • External Downloads (HIGH): The skill pulls content from https://cli.inference.sh. This domain is not included in the list of Trusted External Sources, making the download unverifiable and unsafe.
  • Command Execution (HIGH): The use of the shell (sh) to process unverified remote input grants the script the ability to perform high-risk operations on the local filesystem and environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:01 AM
Security Audit — agent-trust-hub — ai-automation-workflows