twitter-thread-creation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user to execute
curl -fsSL https://cli.inference.sh | sh. Piping a remote script directly to a shell is a major security risk as it allows an untrusted source to execute arbitrary code on the host system without inspection. - [EXTERNAL_DOWNLOADS] (HIGH): The domain
cli.inference.shis not a recognized trusted source. Downloads and execution patterns from untrusted domains are treated with high severity. - [CREDENTIALS_UNSAFE] (HIGH): The skill guides users to perform
infsh login. Because the installation method is unverified and the source is untrusted, there is a risk that this login process could capture or exfiltrate user credentials. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references several external packages via
npx skills addfrom theinference-shscope. These are unverifiable dependencies that further expand the attack surface. - [COMMAND_EXECUTION] (MEDIUM): The skill utilizes several tools with high-risk capabilities, such as
infsh/agent-browserfor web navigation andx/post-createfor social media interaction. If the underlyinginfshbinary is compromised via the untrusted installation method, these tools could be used for data exfiltration or unauthorized account actions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata