logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution detected.
- Evidence: Found in
SKILL.md:curl -fsSL https://cli.inference.sh | sh. - Risk: The script downloaded from the URL is executed immediately by the shell. This provides no opportunity to inspect the code before execution, allowing for arbitrary commands to be run on the system.
- [EXTERNAL_DOWNLOADS] (HIGH): Unverifiable external dependency from an untrusted domain.
- URL:
https://cli.inference.sh - Context: The skill relies on a CLI tool hosted on a domain not included in the trusted sources list.
- [COMMAND_EXECUTION] (MEDIUM): Enabling shell access for non-standard tools.
- Tool:
Bash(infsh *) - Context: The skill configuration permits the agent to execute bash commands starting with
infsh. This capability, combined with the untrusted installation method, creates a high-risk environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata