social-media-carousel
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to execute
curl -fsSL https://cli.inference.sh | sh. This is a classic piped-to-shell attack vector from an untrusted domain. - [EXTERNAL_DOWNLOADS] (HIGH): The installation process downloads an unverified binary from
dist.inference.sh. - [COMMAND_EXECUTION] (HIGH): The skill uses
npxto install additional remote components (inference-sh/skills), which facilitates arbitrary code execution from external sources. - [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface. It ingests user-provided text/HTML and interpolates it directly into CLI commands without sanitization or boundary markers. Evidence Chain: 1. Ingestion points: Carousel text within HTML templates in
SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Access toBashand theinfshCLI tool. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata