ai-rag-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): Detected piped remote code execution via
curl -fsSL https://cli.inference.sh | sh. This pattern executes scripts directly from the internet without verification, which is a severe security risk. - EXTERNAL_DOWNLOADS (HIGH): The skill downloads executable binaries from
dist.inference.sh, a domain not included in the Trusted External Sources list. This introduces a significant supply chain vulnerability. - COMMAND_EXECUTION (MEDIUM): The skill requests broad shell permissions via
Bash(infsh *)and constructs shell commands by interpolating variables into strings, which can lead to command injection if input is malicious. - PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface.
- Ingestion points: Untrusted data from web searches (
tavily,exa) is stored in variables likeSEARCH_RESULTandCONTENT(SKILL.md). - Boundary markers: None. Web content is injected directly into prompt strings without delimiters.
- Capability inventory: The skill uses
infsh app runto execute remote LLM tasks and tool calls. - Sanitization: None. There is no evidence of escaping or validating the content retrieved from external URLs before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata