Skills
skills/1nfsh-s3/skills/linkedin-content/Gen Agent Trust Hub

linkedin-content

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill explicitly instructs execution of curl -fsSL https://cli.inference.sh | sh. This is a classic piped remote script execution pattern.
  • Evidence: Found in SKILL.md under the 'Quick Start' section.
  • Risk: The server at cli.inference.sh can deliver any malicious payload at the moment of execution, leading to complete host takeover.
  • [External Downloads] (HIGH): The skill relies on external binaries and scripts from an untrusted third-party domain (inference.sh).
  • Evidence: The skill mentions downloading binaries from dist.inference.sh and verifying checksums.
  • Risk: While verification is mentioned, the source itself is not a trusted organization (e.g., GitHub, Google, Microsoft), making the software supply chain unverifiable.
  • [Command Execution] (MEDIUM): The skill requires access to a custom binary (infsh) and uses npx to add more dependencies at runtime.
  • Evidence: allowed-tools: Bash(infsh *) and npx skills add ... commands.
  • Risk: Running specialized local binaries or adding unversioned remote skills via npx increases the attack surface and allows for dynamic code loading from unverified sources.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 08:04 PM