product-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains a manual installation command `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly dangerous as it executes unverified code from an external server directly in the shell without any integrity checks or version pinning.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests permission for `Bash(infsh *)`. Since `infsh` is the tool installed via the unverified remote script mentioned above, any vulnerability or malicious payload in that script gains command execution privileges on the user's system.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The documentation includes instructions to use `npx skills add inference-sh/skills@...`. These are external dependencies hosted outside of the trusted organizations list (e.g., Anthropic, OpenAI, Microsoft), posing a risk of supply chain attack if the `inference-sh` namespace is compromised.
- [PROMPT_INJECTION] (LOW): The skill is designed to ingest external data (PR descriptions, feature notes) to generate changelogs. This creates a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Data provided via prompt for changelog generation.
  - Boundary markers: None identified in the provided templates.
  - Capability inventory: Bash execution via `infsh`, image generation via remote APIs.
  - Sanitization: No evidence of input sanitization or escaping before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata