book-cover-design
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the agent to run 'curl -fsSL https://cli.inference.sh | sh'. Piping remote content directly to a shell is an extremely dangerous pattern that allows for arbitrary code execution from unverified sources.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads and installs the 'infsh' CLI tool from 'inference.sh', which is not a verified or trusted source according to current security protocols.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection where untrusted data could influence the 'infsh' command execution. Evidence:
  1. Ingestion point: The 'prompt' field in Bash commands.
  2. Boundary markers: Absent.
  3. Capability inventory: Access to Bash and remote model execution.
  4. Sanitization: None detected.
- COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to execute 'infsh' commands, which, while part of its primary purpose, relies on the insecurely installed binary.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats