technical-blog-writing

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation suggests installing the command-line interface via a remote shell script (curl -fsSL https://cli.inference.sh | sh), which constitutes execution of unverified code from an external source.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries and checksums from the vendor's distribution server (dist.inference.sh) and uses npx to fetch additional external packages.
  • [COMMAND_EXECUTION]: The skill relies on a specific vendor tool (infsh/python-executor) to run Python code for creating diagrams and charts from provided data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates user-provided data into JSON structures used in shell commands without sufficient sanitization or boundary markers.
    • Ingestion points: Input parameters for the 'infsh' CLI tool in SKILL.md.
    • Boundary markers: Absent; data is placed directly within JSON strings.
    • Capability inventory: Includes shell command execution, Python code execution, and network access via vendor tools.
    • Sanitization: No evidence of input escaping or validation prior to command interpolation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 02:51 AM