product-hunt-launch
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs users to run `curl -fsSL https://cli.inference.sh | sh`. This 'curl pipe to shell' pattern is a critical security risk because it executes arbitrary code from an untrusted remote server without any verification or integrity checks.
- COMMAND_EXECUTION (HIGH): The skill requests `Bash(infsh *)` permissions. Because the `infsh` tool is installed via the unverified remote script mentioned above, the agent is essentially granted permission to execute code controlled by an untrusted third party.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill includes instructions to use `npx skills add` to download additional skills from the `inference-sh` organization, which is not on the list of trusted external sources.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data from external web searches (via Tavily and Exa) and passes that data into the agent's context without sanitization or boundary markers.
  - Ingestion points: External data enters through `tavily/search-assistant` and `exa/search` calls.
  - Boundary markers: None present; search results are interpolated directly into the workflow.
  - Capability inventory: The skill has access to the `Bash` tool to run CLI commands.
  - Sanitization: No evidence of output filtering or validation of search results before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata