content-repurposing
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the agent or user to run the command 'curl -fsSL https://cli.inference.sh | sh'. This downloads a script from a remote server and executes it immediately in the shell without any verification or integrity checks. This is a critical security vulnerability that can lead to full system compromise if the server is malicious or compromised.
- [COMMAND_EXECUTION]: The skill requests permission for the 'Bash' tool to execute 'infsh' commands and utilizes shell loops to automate task execution. This provides a direct interface for executing commands on the underlying system, which, combined with the unverified CLI installation, poses a severe risk.
- [EXTERNAL_DOWNLOADS]: The skill attempts to fetch and install additional external components using 'npx skills add' from the 'inference-sh' repository, introducing external code into the agent's environment from a non-trusted source.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata