competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions for the skill involve piping a remote script directly to the shell (`curl -fsSL https://cli.inference.sh | sh`). While this is a common distribution method for developer tools, it represents a high-risk execution pattern for remote code.
- [EXTERNAL_DOWNLOADS]: The skill downloads binaries from `dist.inference.sh` and fetches data from the web using search assistants (Tavily, Exa) and a headless browser.
- [COMMAND_EXECUTION]: The skill utilizes a `python-executor` to run Python code strings for data visualization and the `Bash` tool to interact with the vendor's CLI. This provides a capability surface for running arbitrary commands if the agent is manipulated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and analyzing untrusted web data.
  - Ingestion points: Data enters through search results and website screenshots (SKILL.md).
  - Boundary markers: No explicit delimiters or safety instructions are used to separate external data from system instructions in the provided examples.
  - Capability inventory: The skill has access to shell execution, Python code execution, and network tools.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata