product-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent or user to execute curl -fsSL https://cli.inference.sh | sh. This pattern is a critical security risk because it downloads and executes a script directly from the internet without integrity verification. The domain inference.sh is not a trusted source according to the defined security protocols.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill references the command npx skills add inference-sh/skills@... to install additional components. Using npx to execute code from untrusted GitHub organizations or npm scopes introduces a supply chain vulnerability.
- COMMAND_EXECUTION (MEDIUM): The skill's YAML frontmatter requests allowed-tools: Bash(infsh *). While restricted to the infsh command, this binary is the same one installed via the insecure curl | sh method, creating a path for persistent unverified code execution within the agent's environment.
- PROMPT_INJECTION (LOW): The skill contains an 'Install note' section that makes self-authoritative claims about its own safety ('The install script only detects your OS... No elevated permissions'). Following the 'assume-malicious' posture, these claims are treated as potential attempts to bypass user/agent skepticism regarding the insecure installation method.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata