competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Detected a confirmed remote code execution pattern where a script is fetched from 'https://cli.inference.sh' and piped directly into 'sh'. This bypasses all security checks and allows the remote server to execute any command on the host.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to download resources from 'inference.sh', which is not a recognized trusted source, making it susceptible to supply chain attacks.
- [COMMAND_EXECUTION] (HIGH): The use of shell piping ('| sh') is a high-risk command execution method that provides an attacker-controlled script with direct access to the system shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata