web-search
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains instructions to run `curl -fsSL https://cli.inference.sh | sh`. This pattern downloads and executes code from a non-trusted domain directly in the shell, which can lead to full system compromise.
- [COMMAND_EXECUTION] (HIGH): The skill's metadata allows unrestricted use of the `Bash` tool with the `infsh` prefix, which facilitates the execution of the downloaded remote CLI without further verification.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
  1. Ingestion points: Web content retrieved via Tavily and Exa.
  2. Boundary markers: Absent in the workflow examples.
  3. Capability inventory: Includes system command execution and LLM piping.
  4. Sanitization: No sanitization or escaping of external content is performed before passing it to LLM prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata