prompt-engineering
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The command 'curl -fsSL https://cli.inference.sh | sh' in SKILL.md downloads and executes a script from an untrusted domain. This pattern is a high-severity security risk as it allows for arbitrary code execution on the user's system.
- EXTERNAL_DOWNLOADS (HIGH): The skill uses 'npx skills add' to pull additional code from the 'inference-sh' repository. Since this organization is not on the trusted list, these downloads are considered unverified and potentially malicious.
- COMMAND_EXECUTION (MEDIUM): The skill requests permission to execute 'infsh' commands via Bash, which grants it control over the newly installed CLI and associated resources.
- INDIRECT_PROMPT_INJECTION (LOW): The skill defines templates in SKILL.md that ingest untrusted data (e.g., '[article text]') without boundary markers or sanitization. Combined with the 'infsh' bash capability, this creates an injection surface. Evidence: 1. Ingestion: SKILL.md placeholders. 2. Boundaries: Absent. 3. Capabilities: Bash(infsh *). 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata