press-release-writing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill contains instructions to install a CLI tool using
curl -fsSL https://cli.inference.sh | sh. Executing remote scripts directly in the shell is a high-risk pattern often used to bypass security controls or deliver malware. - EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends installing additional packages via
npx skills add inference-sh/skills@.... Sinceinference-shis not a verified or trusted organization in the security framework, this poses a supply chain risk. - COMMAND_EXECUTION (MEDIUM): The skill's functionality is dependent on executing the
infshcommand with various arguments. This allows the skill to invoke external processes and binaries that are not part of the standard environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata