llm-models
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's documentation explicitly directs the user to run `curl -fsSL https://cli.inference.sh | sh`. This is a classic 'curl-pipe-sh' vulnerability where an external script is downloaded and executed without any integrity checks or verification. Because inference.sh is not a trusted source, this is classified as critical.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on binary tools and scripts downloaded from an unverified third-party domain (inference.sh).
- [COMMAND_EXECUTION] (MEDIUM): The skill defines `allowed-tools: Bash(infsh *)`, providing the agent with broad execution capabilities for the unvetted infsh CLI tool.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user prompts and passes them directly to external APIs via the CLI.
- Ingestion points: Prompts are passed to the `--input` argument of `infsh app run` commands.
- Boundary markers: None observed in the command structures provided in SKILL.md.
- Capability inventory: The skill has the capability to execute shell commands via `Bash(infsh *)` and interact with remote APIs.
- Sanitization: There is no evidence of input sanitization or validation before the prompt is passed to the CLI.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats.
Audit Metadata