skills/skill-zero/s/linkedin-content/Gen Agent Trust Hub

linkedin-content

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The command curl -fsSL https://cli.inference.sh | sh is used to install the skill's dependencies. This pattern fetches a shell script from a remote URL and pipes it directly into the system shell, allowing for arbitrary code execution from a source outside the trusted list.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads and installs multiple external packages and scripts from the inference.sh domain and the inference-sh GitHub organization. These are not verified or trusted sources according to the security policy.
  • COMMAND_EXECUTION (MEDIUM): The skill frontmatter authorizes the use of Bash(infsh *), which grants the agent permission to execute any command provided by the infsh CLI. This broad permission increases the impact if the CLI tool itself is compromised or malicious.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 07:20 AM
Security Audit — agent-trust-hub — linkedin-content