press-release-writing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill prompts the execution of unverified remote scripts via a shell pipe.
  - Evidence: `curl -fsSL https://cli.inference.sh | sh` in SKILL.md.
  - The source domain `inference.sh` is not in the list of trusted external sources.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs a CLI tool from an untrusted third-party domain.
- [COMMAND_EXECUTION] (HIGH): The skill uses the `Bash` tool to perform sensitive operations, including the installation and execution of external CLI tools with broad arguments (`infsh *`).
- [PROMPT_INJECTION] (LOW): Potential for indirect prompt injection through external data ingestion.
  - Ingestion points: Results from `tavily/search-assistant` and `exa/search` tools are brought into the agent context.
  - Boundary markers: Absent; there are no instructions to ignore malicious commands embedded in search results.
  - Capability inventory: The agent has access to `Bash` and can execute further `infsh` commands.
  - Sanitization: None; search results are processed directly by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata