twitter-automation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructions include
curl -fsSL https://cli.inference.sh | sh. This is a piped remote execution pattern where a script from an untrusted domain is executed directly by the shell, allowing for arbitrary code execution on the host system. - [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs additional components from
inference.shand usesnpxto fetch skills frominference-sh/skills, neither of which are within the trusted repository or organization whitelist. - [COMMAND_EXECUTION] (MEDIUM): The skill relies on the
infshcommand-line tool to perform actions. Since this tool is installed via an unverified remote script, any command executed viainfshinherits the risk of the installation method. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external files (like
image.jsonorvideo.json) and interpolates it into shell commands without sanitization. - Ingestion points: Content from
image.jsonandvideo.jsonis used as input for subsequent commands. - Boundary markers: None are present to distinguish between data and instructions.
- Capability inventory: The skill has
Bashaccess to execute theinfshtool. - Sanitization: No evidence of input validation or escaping before interpolation into the command string.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata