Skills
skills/inf-sh/skills/ai-automation-workflows/Gen Agent Trust Hub

ai-automation-workflows

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill utilizes a 'pipe-to-shell' pattern to execute remote code.
  • Evidence: Automated scanning detected the pattern curl -fsSL https://cli.inference.sh | sh.
  • Risk: This method is highly insecure as it executes unverified code from the internet with the full privileges of the user running the agent. The content of the script could change at any time to include malicious payloads.
  • EXTERNAL_DOWNLOADS (HIGH): The skill attempts to fetch resources from a non-whitelisted, untrusted domain.
  • Evidence: The URL https://cli.inference.sh is not on the list of Trusted External Sources.
  • Risk: Reliance on unverified third-party infrastructure for executable code introduces a significant supply chain risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:55 AM