social-media-carousel
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to run `curl -fsSL https://cli.inference.sh | sh` to install the `infsh` CLI. Piping a remote script straight into `sh` executes whatever the server returns, with the agent's shell privileges, before anyone can read or verify it; the command pins neither a version nor a checksum, so the installer's contents can change after this audit without any change to the skill text.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses `npx skills add inference-sh/skills@...` to pull in additional skill definitions. The `inference-sh` GitHub organization is not on the list of trusted repositories or organizations, so these definitions are an unreviewed supply-chain dependency.
- COMMAND_EXECUTION (LOW): The skill relies on the `infsh` tool and `Bash` execution to perform its primary tasks. This is appropriate for the carousel use case, but it requires trusting the `inference.sh` platform's binary safety.
- PROMPT_INJECTION (LOW): The skill has an indirect prompt-injection surface when it processes user-provided HTML for image generation.
  - Ingestion points: the `html` field inside the JSON passed via the `--input` flag to `infsh` commands in `SKILL.md`.
  - Boundary markers: none. No delimiters or instructions tell the agent to treat the HTML as untrusted data rather than as instructions.
  - Capability inventory: the skill has access to the `Bash` tool with broad execution capability for `infsh` apps.
  - Sanitization: none. The skill provides no mechanism to sanitize or escape the HTML before processing it.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without a thorough review of the installer and of the pulled-in skill definitions.
- Automated (AI) analysis detected serious security threats.
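The HIGH finding above is about the install pattern rather than this particular installer. As an added example (not part of the audit, and not the inference.sh project's own install script), the shell functions below replace `curl -fsSL ... | sh` with download-to-file, a SHA-256 comparison against a digest obtained out of band, and only then execution. The assumption that the vendor publishes such a digest, the function names, and the constructed installer used in the offline demonstration are all hypothetical.

```shell
#!/bin/sh
# Added example, not part of the audit or of inference.sh's own install script.
# Replaces `curl -fsSL https://cli.inference.sh | sh` with: download to a file,
# compare its SHA-256 against a digest obtained out of band (assumption: the
# vendor publishes one), and only then execute it. Function names are hypothetical.

# Print the SHA-256 of a file; works with GNU sha256sum or BSD/macOS shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256 -> exit 0 on match, 1 on mismatch.
verify_installer() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# run_local_installer FILE EXPECTED_SHA256
# Executes FILE only if its digest matches the pinned value. On mismatch the
# file is left in place (exit 2) so a human can diff it against the release.
run_local_installer() {
    if ! verify_installer "$1" "$2"; then
        echo "digest mismatch for $1; not executing, file kept for review" >&2
        return 2
    fi
    sh "$1"
}

# run_installer_pinned URL EXPECTED_SHA256
# Network-facing wrapper: fetch over HTTPS only, never into a pipe, then hand
# off to the local verify-and-run step. Exit: 0 ok, 1 download failed, 2 mismatch.
run_installer_pinned() {
    url=$1; expected=$2
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"
        return 1
    fi
    run_local_installer "$tmp" "$expected"; rc=$?
    [ "$rc" -eq 0 ] && rm -f "$tmp"
    return "$rc"
}

# Offline demonstration with a constructed installer (no network involved):
# the run with a tampered digest must be refused and must not execute the
# script; the run with the correct digest must proceed. Returns 0 if both hold.
demo_pinned_run() {
    dir=$(mktemp -d) || return 1
    installer="$dir/install.sh"
    # Constructed stand-in for a vendor installer: it only drops a marker file.
    printf '%s\n' '#!/bin/sh' 'echo installed > "$(dirname "$0")/marker"' > "$installer"
    good=$(sha256_of "$installer")
    bad=$(printf '%064d' 0)            # 64 zeros: a digest that cannot match
    if run_local_installer "$installer" "$bad" 2>/dev/null; then return 1; fi
    [ ! -e "$dir/marker" ] || return 1  # refused run must not have executed
    run_local_installer "$installer" "$good" || return 1
    [ -e "$dir/marker" ] || return 1    # pinned run did execute
    rm -rf "$dir"
    return 0
}

# Typical use with a real download (digest taken from the vendor's release notes):
#   run_installer_pinned https://cli.inference.sh <sha256 obtained out of band>
```

The point of keeping the file on mismatch is operational: a changed digest is exactly the event an auditor wants to inspect, and an installer that was silently deleted cannot be compared against the reviewed release. The `--proto '=https'` flag refuses any redirect to plain HTTP, which a bare `curl -L` would follow.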