seo-content-brief
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Quick Start section instructs the user to execute 'curl -fsSL https://cli.inference.sh | sh'. This pattern pipes a remote script directly to a shell interpreter, allowing for unverified code execution on the user's system. While the domain appears to belong to the skill's authoring vendor (1nfsh-s3), the method bypasses standard package manager security controls.
- [EXTERNAL_DOWNLOADS]: The installation process downloads pre-compiled binaries from 'dist.inference.sh'. While checksum verification is mentioned in the documentation, the automated installation script itself remains a point of trust.
- [COMMAND_EXECUTION]: The skill relies on the 'Bash(infsh *)' capability to run various SEO and search applications, including 'tavily/search-assistant', 'exa/search', and 'infsh/html-to-image'.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from the web (via Tavily and Exa) to generate content briefs. 1. Ingestion points: Search results from 'tavily/search-assistant' and webpage content from 'tavily/extract' are fed into the agent context. 2. Boundary markers: The provided templates do not utilize clear delimiters or instructions to ignore embedded commands in the external data. 3. Capability inventory: The agent has access to the 'infsh' CLI tool for data extraction and processing. 4. Sanitization: No sanitization or filtering logic for the ingested search results is present in the skill definition.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata