Skills
skills/inf-sh/skills/landing-page-design/Gen Agent Trust Hub

landing-page-design

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill utilizes a piped execution pattern (curl | sh) targeting an untrusted domain.
  • Evidence: Detection of curl -fsSL https://cli.inference.sh | sh in the skill's initialization or execution logic.
  • Risk: This allows the remote server at cli.inference.sh to execute arbitrary commands on the agent's host system without any validation or human review.
  • [External Downloads] (HIGH): The skill fetches executable content from a source outside of the defined trusted organizations list.
  • Evidence: Target URL https://cli.inference.sh is not associated with any trusted providers like Google, Microsoft, or Anthropic.
  • [Command Execution] (HIGH): The use of shell piping (| sh) bypasses standard package management safety and executes instructions with the current user's privileges.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 02:01 AM