ai-rag-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill explicitly directs the user to execute a remote shell script via
curl -fsSL https://cli.inference.sh | sh. This allows an untrusted third party to execute arbitrary code on the local system with the privileges of the current user. - [External Downloads] (MEDIUM): The skill utilizes
npx skills addto download additional logic frominference-sh/skills, which is not a verified or trusted organization. - [Command Execution] (MEDIUM): The skill provides templates for creating bash scripts (
research.sh) that execute system commands with interpolated variables, which can lead to command injection if input is not strictly controlled. - [Indirect Prompt Injection] (LOW): The skill builds RAG pipelines that ingest untrusted web content from sources like Tavily and Exa into prompts without sanitization. 1. Ingestion points:
SEARCH_RESULT,TAVILY,EXA,CONTENT, andEVIDENCEvariables in SKILL.md. 2. Boundary markers: Absent; untrusted data is directly concatenated into the LLM instructions. 3. Capability inventory: Theinfshcommand allows for further tool execution and network operations. 4. Sanitization: No escaping, validation, or filtering of retrieved web content is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata