competitor-teardown

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions recommend installing the 'infsh' CLI tool via 'curl -fsSL https://cli.inference.sh | sh'. This method downloads and executes code from a remote server without any verification, which can lead to system compromise if the server or transmission is compromised.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute 'infsh' commands. It specifically uses the 'infsh/python-executor' tool to execute arbitrary Python code for generating charts, which represents a form of dynamic code execution.
  • [EXTERNAL_DOWNLOADS]: The skill references 'npx skills add inference-sh/skills', which involves downloading and installing external code from a third-party repository.
  • [PROMPT_INJECTION]: The skill processes data from external websites using tools like 'tavily/search-assistant' and 'tavily/extract'. This creates an indirect prompt injection surface where malicious content on analyzed websites could override agent instructions.
    • Ingestion points: 'tavily/search-assistant', 'exa/search', and 'tavily/extract' (SKILL.md).
    • Boundary markers: No delimiters or ignore instructions are present for the external data ingestion.
    • Capability inventory: The skill can execute shell commands via 'Bash(infsh *)' and Python scripts via 'infsh/python-executor' (SKILL.md).
    • Sanitization: No sanitization or validation of the external content is performed before it is used by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 10:14 PM