web-search
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation recommends installing the `infsh` CLI using `curl -fsSL https://cli.inference.sh | sh`. This pattern involves piping a remote script directly into a shell, which allows for the execution of arbitrary code on the host machine. While the script is hosted on the vendor's domain, this method remains a potential security risk.
- [EXTERNAL_DOWNLOADS]: The skill's installation process downloads binary files and checksums from `dist.inference.sh`.
- [COMMAND_EXECUTION]: The skill requests `Bash(infsh *)` permissions, which allows the agent to execute any available command within the `infsh` CLI toolset.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality.
  - Ingestion points: Data enters the agent's context from untrusted external websites via the `tavily` and `exa` search and extraction apps mentioned in SKILL.md.
  - Boundary markers: Examples show data being piped directly into further tools without delimiters or instructions to ignore embedded prompts.
  - Capability inventory: The agent possesses the `Bash(infsh *)` capability, which can be used to execute network requests and trigger other apps.
  - Sanitization: There is no evidence of content sanitization or validation for the data retrieved from external sources.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review