og-image-design
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill executes a script directly from the internet using the 'curl | sh' pattern, which is a major security vulnerability.
- Evidence: Automated scanner detected the command: 'curl -fsSL https://cli.inference.sh | sh'.
- Risk: This method bypasses any manual or automated code review of the script's contents before execution. An attacker controlling the remote server could modify the script at any time to perform malicious actions on the user's machine.
- Source Untrusted: The domain 'cli.inference.sh' is not part of the established trusted repository or organization list.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata