Skills
skills/inf-sh/skills/ai-content-pipeline/Gen Agent Trust Hub

ai-content-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly instructs the agent to download and execute a script from a remote URL using a piped shell command. Evidence: curl -fsSL https://cli.inference.sh | sh found in the Quick Start section of SKILL.md. This allows the remote server to execute arbitrary code on the host system without inspection.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on tools and software from inference.sh, which is not a recognized trusted source. Evidence: Multiple tool calls to infsh and references to cli.inference.sh.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requests overly broad permissions to execute any sub-command of the infsh tool. Evidence: allowed-tools: Bash(infsh *) in the YAML frontmatter.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:53 AM