product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Remote Code Execution (HIGH): The skill uses the pattern `curl -fsSL https://cli.inference.sh | sh`, which is a critical security risk. This command downloads a script from an external server and immediately executes it with shell privileges without any integrity verification.
- External Downloads (HIGH): The domain `inference.sh` is not listed as a trusted external source. Fetching executable content from unverified third-party domains represents a significant supply-chain threat.
- Command Execution (HIGH): The use of piped shell execution bypasses auditing and security controls, as the content of the script being executed is determined at runtime by the remote server.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata