case-study-writing

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands via the infsh CLI for authentication, research, and running remote applications.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install external dependencies from the inference-sh repository using the npx skills add command.
  • [REMOTE_CODE_EXECUTION]: The skill performs remote code execution by sending Python scripts to the infsh/python-executor app to generate charts and save them as PNG files.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests data from external web search services (Tavily and Exa) and processes that information into the writing flow without explicit sanitization or boundary markers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 01:18 PM
Security Audit — agent-trust-hub — case-study-writing