press-release-writing
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the 'infsh' CLI by piping a remote script to the shell: 'curl -fsSL https://cli.inference.sh | sh'. This method executes code directly from a remote source without local inspection, which is a significant security risk despite being a vendor-provided installation method.
- [COMMAND_EXECUTION]: The skill uses the 'infsh' CLI tool to execute various external applications, such as 'tavily/search-assistant' and 'exa/search', which involves running subprocesses within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill performs external downloads of binaries, configuration files, and additional skill modules from 'inference.sh' and GitHub/NPM repositories during setup and operation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from external web search tools.
  - Ingestion points: Data retrieved from 'infsh app run' tool outputs (SKILL.md) enters the agent's context.
  - Boundary markers: No explicit markers or instructions are provided to distinguish external search results from the agent's core instructions.
  - Capability inventory: The agent is authorized to execute shell commands and CLI applications through the 'infsh' tool.
  - Sanitization: There is no evidence of validation or sanitization of the content fetched from external research providers before it is processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata