ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the user or agent to execute curl -fsSL https://cli.inference.sh | sh. This is a high-risk pattern where a remote script is piped directly into a shell interpreter, allowing arbitrary remote code execution if the domain or script is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on an external binary downloaded from dist.inference.sh. While the documentation claims SHA-256 verification is performed, the initial installer script itself is retrieved dynamically over the network.
  • COMMAND_EXECUTION (LOW): The skill's frontmatter defines allowed-tools: Bash(infsh *), which grants the agent permission to execute any subcommand of the infsh utility. While necessary for the skill's purpose, it provides a broad attack surface for the agent to interact with the external service.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 08:56 PM