case-study-writing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill explicitly instructs the execution of curl -fsSL https://cli.inference.sh | sh. This pattern downloads and runs a script from an untrusted external source directly in the shell without any verification or integrity checks.
  • COMMAND_EXECUTION (HIGH): The skill utilizes an infsh/python-executor tool to run arbitrary Python code strings. This capability grants the agent the power to execute system commands, access the file system, or perform network operations through the Python environment, which could be exploited to run malicious payloads.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx to install additional skills and dependencies from the inference-sh namespace. Since this namespace is not among the trusted sources, these downloads represent an unverified third-party risk.
  • PROMPT_INJECTION (LOW): The skill processes untrusted data from multiple search providers (Tavily and Exa), which makes it vulnerable to indirect prompt injection.
    • Ingestion points: External content is pulled from the web via the tavily/search-assistant, exa/search, and exa/answer tools.
    • Boundary markers: No markers or delimiters are used to separate the external data from the agent's core instructions.
    • Capability inventory: The skill has high-privilege capabilities, including shell execution via infsh, Python code execution, and the ability to save files to the local disk.
    • Sanitization: No sanitization, validation, or escaping of the ingested web content is performed before it is processed by the LLM.
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 02:01 AM