newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install a CLI tool using a high-risk piped execution pattern:
curl -fsSL https://cli.inference.sh | sh. This allows for the execution of unverified remote code within the user's shell environment. - [EXTERNAL_DOWNLOADS]: The skill downloads binary files from
dist.inference.shand usesnpxto dynamically add additional skill dependencies frominference-sh/skills. - [COMMAND_EXECUTION]: The skill requests permission to execute arbitrary
infshcommands viaBash(infsh *), which provides the capability to run a wide range of external applications and system operations. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its content sourcing functionality.
- Ingestion points: External data is fetched from the web using
tavily/search-assistantandexa/searchtools referenced inSKILL.md. - Boundary markers: No delimiters or protective instructions are used to prevent the agent from following directives found in retrieved search results.
- Capability inventory: The skill has permissions to execute CLI tools, write to social media via
x/post-create, and generate images. - Sanitization: No sanitization or validation of the retrieved web content is performed before it is used to generate newsletter commentary or social media posts.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata