press-release-writing

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation includes a command to download and execute a script directly from a URL: curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous pattern as it executes unverified code with the privileges of the current user.
      • Evidence: Source URL: https://cli.inference.sh.
      • Trust Status: Untrusted. The domain inference.sh is not included in the allowed list of trusted organizations or repositories.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx skills add to fetch and install external skills from the inference-sh organization. These dependencies are not version-locked and reside on an untrusted external registry.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill uses the infsh tool to perform web searches (e.g., tavily/search-assistant, exa/search), which ingests untrusted third-party data into the agent's context.
      • Ingestion points: Output from infsh app run commands (search results and market data).
      • Boundary markers: Absent. The skill does not define delimiters or instructions to ignore embedded commands in the search output.
      • Capability inventory: The allowed-tools list includes Bash(infsh *), which provides broad access to execute various CLI applications and system commands.
      • Sanitization: Absent. There is no evidence of filtering or escaping logic for the data returned from search providers.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 19, 2026, 08:06 PM