prompt-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The command 'curl -fsSL https://cli.inference.sh | sh' in SKILL.md downloads and executes a script from an untrusted domain. This pattern is a high-severity security risk as it allows for arbitrary code execution on the user's system.
  • EXTERNAL_DOWNLOADS (HIGH): The skill uses 'npx skills add' to pull additional code from the 'inference-sh' repository. Since this organization is not on the trusted list, these downloads are considered unverified and potentially malicious.
  • COMMAND_EXECUTION (MEDIUM): The skill requests permission to execute 'infsh' commands via Bash, which grants it control over the newly installed CLI and associated resources.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill defines templates in SKILL.md that ingest untrusted data (e.g., '[article text]') without boundary markers or sanitization. Combined with the 'infsh' bash capability, this creates an injection surface. Evidence: 1. Ingestion: SKILL.md placeholders. 2. Boundaries: Absent. 3. Capabilities: Bash(infsh *). 4. Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 10:56 AM
Security Audit — agent-trust-hub — prompt-engineering