og-image-design
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill uses a piped execution pattern (
curl | sh) to run a script fromhttps://cli.inference.sh. This is a high-risk operation that bypasses security reviews and allows arbitrary code to run on the host system. - Evidence: Automated scan detected
curl -fsSL https://cli.inference.sh | sh. - External Downloads (HIGH): The domain
inference.shis not a trusted source. Executing scripts from unverified third-party domains can lead to complete system compromise if the source is malicious or hijacked. - Command Execution (HIGH): The use of shell piping to execute remote content grants the script the same permissions as the agent, potentially allowing unauthorized file access or network activity.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata