Skills
skills/inf-sh/skills/newsletter-curation/Gen Agent Trust Hub

newsletter-curation

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): Found curl -fsSL https://cli.inference.sh | sh in the Quick Start section of SKILL.md. This pattern downloads and executes code from an untrusted remote source directly in the system shell without any verification or integrity checks.
  • EXTERNAL_DOWNLOADS (HIGH): The skill installs dependencies from inference-sh/skills via npx skills add, which is not on the list of trusted GitHub organizations or repositories.
  • COMMAND_EXECUTION (MEDIUM): The allowed-tools configuration Bash(infsh *) grants the agent broad permissions to execute any sub-command of the unverified infsh utility, which could be used for malicious purposes if the tool is compromised.
  • PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection because it ingests untrusted search data from Tavily and Exa to curate newsletters. Evidence Chain: 1. Ingestion points: infsh app run tavily/search-assistant and infsh app run exa/search in SKILL.md. 2. Boundary markers: None present to isolate untrusted content. 3. Capability inventory: Bash(infsh *) in SKILL.md. 4. Sanitization: No sanitization of ingested search results is performed before the agent processes them.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:58 AM