
llm-models

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's documentation explicitly directs the user to run curl -fsSL https://cli.inference.sh | sh. This is the classic 'curl-pipe-sh' pattern: an external script is downloaded and piped straight into a shell with no integrity check, no pinned version, and no opportunity to read what will be executed. Anyone who controls cli.inference.sh, its DNS, or a redirect on the path (-L follows redirects, -s hides what happened) can substitute arbitrary commands, and because the script is consumed from a pipe, a truncated response or a server that serves different bytes to piped clients is executed as-is. Because inference.sh is not an established, vetted source, this is classified as critical.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on binary tools and scripts downloaded from an unverified third-party domain (inference.sh), with no checksums or signatures to pin what is fetched.
  • [COMMAND_EXECUTION] (MEDIUM): The skill declares allowed-tools: Bash(infsh *), giving the agent broad execution capabilities for the unvetted infsh CLI tool: the wildcard matches any subcommand with any arguments.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill takes untrusted user prompts and passes them directly to external APIs via the CLI.
      ◦ Ingestion points: Prompts are passed to the --input argument of infsh app run commands.
      ◦ Boundary markers: None observed in the command structures provided in SKILL.md.
      ◦ Capability inventory: The skill can execute shell commands via Bash(infsh *) and interact with remote APIs.
      ◦ Sanitization: No evidence of input sanitization or validation before the prompt is passed to the CLI.
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without a thorough review of the installer script and the binaries it fetches.
  • Automated analysis flagged serious security threats; the skill fails the audit.
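What "thorough review" looks like in practice for the flagged one-liner, as an added example (not code from the skill, from inference.sh, or from the audit tool): fetch the installer to disk, compare it against a SHA-256 digest recorded when the script was read and approved, and only run the file if the digest matches. It assumes curl and either sha256sum or shasum are installed; the digest in the usage comment is a placeholder, since the page publishes none.

```shell
#!/bin/sh
# Added example, not part of the skill or the audit. Replaces the pattern
# flagged by the audit:   curl -fsSL https://cli.inference.sh | sh
# with download -> verify against a pinned digest -> execute, as three
# separate steps so that a mismatch can never reach the shell.
set -eu

# Print the SHA-256 of a file; works with GNU coreutils or macOS/BSD shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 when FILE hashes to EXPECTED_SHA256, 1 otherwise. Executes nothing.
verify_installer() {
  actual=$(sha256_of "$1")
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  printf 'checksum mismatch for %s\n  expected %s\n  got      %s\n' \
    "$1" "$2" "$actual" >&2
  return 1
}

# fetch_verify_run URL EXPECTED_SHA256
# Downloads URL to a temp file (https only, TLS 1.2+, fail on HTTP errors),
# verifies it, then runs it. A truncated download or a server that serves
# different bytes to piped clients fails the digest check instead of running.
fetch_verify_run() {
  url=$1
  expected=$2
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"
  verify_installer "$tmp" "$expected"   # set -e aborts here on mismatch
  sh "$tmp"
}

# Usage. The digest is a placeholder (an assumption): you obtain the real one
# by downloading the script once, reading it, and recording sha256_of on it.
# fetch_verify_run https://cli.inference.sh \
#   0000000000000000000000000000000000000000000000000000000000000000
```

The pinned digest is meant to break when inference.sh changes the installer: that forces a fresh review rather than silently running new code, which is the behaviour the one-liner lacks. It does not vet the binaries the installer itself downloads; those need the same treatment, or a build from reviewed source.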
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 11:01 AM
Security Audit — agent-trust-hub — llm-models