competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's 'Quick Start' instructions include a command that pipes a remote script directly to a shell: 'curl -fsSL https://cli.inference.sh | sh'. This pattern allows a remote, untrusted server to execute arbitrary code on the user's system without any verification or integrity checks.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'infsh' CLI tool and various applications (e.g., 'infsh/agent-browser', 'tavily/search-assistant') from the 'inference.sh' domain, which is not identified as a trusted or well-known service.
- [COMMAND_EXECUTION]: The skill extensively uses the 'infsh' command to perform tasks such as running a web browser and executing Python scripts. These capabilities provide a large attack surface if the tool or its inputs are compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external data.
  1. Ingestion points: It fetches data from web search results (via Tavily and Exa) and crawls competitor websites.
  2. Boundary markers: The skill lacks any delimiters or instructions to ignore embedded commands in the retrieved data.
  3. Capability inventory: The skill has the ability to execute shell commands, run Python code, and automate a browser.
  4. Sanitization: There is no evidence of filtering or sanitizing the content retrieved from external sources before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats