data-visualization
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses a piped shell command to execute remote code.
- Evidence:
curl -fsSL https://cli.inference.sh | shfound in automated scan alerts. - Impact: This grants the remote server full control over the execution environment, allowing for the installation of malware, data theft, or system compromise.
- External Downloads (HIGH): The domain
cli.inference.shis not among the verified Trusted External Sources, increasing the risk of supply chain attacks or domain hijacking. - Command Execution (HIGH): Spawning a shell (
sh) to run unverified remote content is a high-risk operation that bypasses static analysis of the actual code being executed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata