press-release-writing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill prompts the execution of unverified remote scripts via a shell pipe.
  • Evidence: curl -fsSL https://cli.inference.sh | sh in SKILL.md.
  • The source domain inference.sh is not in the list of trusted external sources.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs a CLI tool from an untrusted third-party domain.
  • [COMMAND_EXECUTION] (HIGH): The skill uses the Bash tool to perform sensitive operations, including the installation and execution of external CLI tools with broad arguments (infsh *).
  • [PROMPT_INJECTION] (LOW): Potential for indirect prompt injection through external data ingestion.
  • Ingestion points: Results from tavily/search-assistant and exa/search tools are brought into the agent context.
  • Boundary markers: Absent; there are no instructions to ignore malicious commands embedded in search results.
  • Capability inventory: The agent has access to Bash and can execute further infsh commands.
  • Sanitization: None; search results are processed directly by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 10:56 AM
Security Audit — agent-trust-hub — press-release-writing