prompt-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructions include the command curl -fsSL https://cli.inference.sh | sh. This is a high-risk pattern: whatever the server returns is executed immediately in the local shell, with the user's privileges, without the content or the source being verified. Nothing is pinned (no checksum or signature), so a compromised origin, a tampered response, or a truncated download all run as-is; the script is never written to disk where it could be read first.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads binaries and additional logic from the inference.sh and dist.inference.sh domains. Neither is on the trusted provider list, so a compromise of either domain (or of the unsigned artifacts it serves) propagates to every host that installs the skill, making it a potential supply-chain attack vector.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requests permission to use the Bash tool for infsh commands. While that is its intended purpose, it is a large attack surface: an agent manipulated into running attacker-chosen CLI flags or arguments does so with full shell access.
  • [PROMPT_INJECTION] (LOW): The skill's primary function is to interpolate user-provided prompts into CLI command strings (e.g., infsh app run --input '...'). Because the only boundary around the prompt is a pair of single quotes, a prompt that contains a single quote closes the --input argument and the remainder of the prompt is parsed by the shell as further commands; the same applies to prompts the agent ingests from untrusted documents, which turns indirect prompt injection into command injection. (Evidence: ingestion point at the --input flag in SKILL.md; boundary markers are limited to single quotes; capability inventory includes system shell access; no sanitization logic is provided.)
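The boundary problem behind the PROMPT_INJECTION finding, shown as an added example (not code from the audited skill or from the inference.sh project). The `infsh` below is a stand-in shell function that only echoes each argument it receives, so the script runs offline; the hostile prompt is constructed for the demonstration. The unsafe path mirrors what happens when an agent splices a prompt into a quoted command string and hands it to a shell; the safe path passes the prompt as a single argv element so the shell never re-parses it.

```shell
#!/bin/sh
# Added example. "infsh" is a stand-in that prints one argv element per
# line; the real CLI is never invoked.
infsh() {
    for arg in "$@"; do
        printf '%s\n' "$arg"
    done
}

# Unsafe: the prompt is interpolated into a command string that is then
# parsed by the shell. Single quotes are the only boundary, so a quote in
# the prompt ends the --input argument and the rest becomes shell syntax.
run_unsafe() {
    prompt=$1
    eval "infsh app run --input '$prompt'"
}

# Safe: the prompt is one argv element. Quotes, semicolons and $(...)
# inside it are inert because no second parsing step takes place.
run_safe() {
    prompt=$1
    infsh app run --input "$prompt"
}

# Constructed hostile prompt: closes the quote, injects a command,
# then reopens the quote so the command line still parses cleanly.
HOSTILE="hello'; echo INJECTED; echo 'bye"

# How many argv elements (plus injected lines) each path produced.
unsafe_line_count() { run_unsafe "$HOSTILE" | wc -l | tr -d ' '; }
safe_line_count()   { run_safe   "$HOSTILE" | wc -l | tr -d ' '; }

# How many output lines consist of exactly "INJECTED" (i.e. ran as a
# separate command rather than staying inside the prompt argument).
unsafe_injected() { run_unsafe "$HOSTILE" | grep -cx INJECTED || true; }
safe_injected()   { run_safe   "$HOSTILE" | grep -cx INJECTED || true; }

# Uncomment to see both paths side by side:
# echo "--- unsafe ---"; run_unsafe "$HOSTILE"
# echo "--- safe ---";   run_safe   "$HOSTILE"
```

With the hostile prompt, the unsafe path yields six lines (four argv elements, then the two injected echoes), while the safe path yields exactly four, the whole prompt arriving intact as the value of --input. The lesson for a skill author is that the fix is not better quoting of the string but not building a string at all: invoke the CLI with an argument vector, or, if a shell is unavoidable, quote with a routine that escapes every single quote, not just wraps the value in them.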
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review: fetch the installer to a file, read it, and verify it against a digest or signature obtained from somewhere other than the download itself before running it.
  • Automated analysis detected serious security threats.
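The download-verify-run pattern that the HIGH recommendation asks for, as an added example (not code from the audited skill, the Trust Hub, or inference.sh). The self-check at the bottom uses a constructed stand-in installer so the script runs offline; the curl line and the expected digest in the usage comment are placeholders that the reviewer fills in after reading the real script, and the digest must come from an out-of-band source (vendor release notes, a signed manifest), never from the same download.

```shell
#!/bin/sh
# Added example: replaces "curl -fsSL URL | sh" with download-to-file,
# pin-and-verify, then run. Nothing here contacts the network.

sha256_of() {
    # Portable: coreutils sha256sum on Linux, shasum on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Execute FILE with sh only if its SHA-256 equals EXPECTED.
# Returns 2 on mismatch without executing anything; otherwise passes
# the script's own exit status through.
verify_and_run() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual != $expected" >&2
        return 2
    fi
    sh "$file"
}

# Intended use (placeholders; the network step is not executed here):
#   curl -fsSL -o /tmp/install.sh https://cli.inference.sh
#   less /tmp/install.sh        # what does it fetch, write, or sudo?
#   verify_and_run /tmp/install.sh "<sha256 published out of band>"

# Offline self-check with a constructed stand-in installer.
TMP=${TMPDIR:-/tmp}/installer-demo.$$.sh
trap 'rm -f "$TMP"' EXIT
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$TMP"
GOOD=$(sha256_of "$TMP")                      # the digest we would have pinned
BAD=0000000000000000000000000000000000000000000000000000000000000000

# Returns 0 and prints the installer's output when the digest matches.
check_good() { verify_and_run "$TMP" "$GOOD"; }
# Returns 2 and prints nothing to stdout when the digest does not match.
check_bad()  { verify_and_run "$TMP" "$BAD" 2>/dev/null; }
```

Pinning a digest does not by itself make the installer safe, since the reviewer still has to read what the script does; it only guarantees that what runs is the same bytes that were reviewed, and that a later change on the server (or a partial download) is refused rather than executed.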
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 08:20 PM