data-visualization

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses a piped shell command to execute remote code.
  • Evidence: curl -fsSL https://cli.inference.sh | sh found in automated scan alerts.
  • Impact: This grants the remote server full control over the execution environment, allowing for the installation of malware, data theft, or system compromise.
  • External Downloads (HIGH): The domain cli.inference.sh is not among the verified Trusted External Sources, increasing the risk of supply chain attacks or domain hijacking.
  • Command Execution (HIGH): Spawning a shell (sh) to run unverified remote content is a high-risk operation that bypasses static analysis of the actual code being executed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 01:07 AM
Security Audit — agent-trust-hub — data-visualization