linkedin-content
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The command
curl -fsSL https://cli.inference.sh | shis used to install the skill's dependencies. This pattern fetches a shell script from a remote URL and pipes it directly into the system shell, allowing for arbitrary code execution from a source outside the trusted list. - EXTERNAL_DOWNLOADS (HIGH): The skill downloads and installs multiple external packages and scripts from the
inference.shdomain and theinference-shGitHub organization. These are not verified or trusted sources according to the security policy. - COMMAND_EXECUTION (MEDIUM): The skill frontmatter authorizes the use of
Bash(infsh *), which grants the agent permission to execute any command provided by theinfshCLI. This broad permission increases the impact if the CLI tool itself is compromised or malicious.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata