web-search
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The instruction to use `curl -fsSL https://cli.inference.sh | sh` is a confirmed remote code execution pattern. This pattern allows an untrusted third-party server to execute arbitrary commands on the host machine without user verification or oversight.
- COMMAND_EXECUTION (HIGH): The skill is entirely dependent on executing commands via the `Bash` tool (`infsh *`). This provides an expansive capability set that could be abused if the inputs to these commands are not strictly controlled.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on external binaries and scripts downloaded from `inference.sh`, which is not a recognized trusted source in the defined security policy.
- Indirect Prompt Injection (LOW): The skill ingests data from arbitrary URLs and processes it through an LLM, creating a surface for injection attacks.
- Ingestion points: Data entering through the `tavily/extract` and `exa/extract` commands in `SKILL.md`.
- Boundary markers: Absent. The documentation shows direct interpolation of search/extract results into LLM prompts without delimiters or warnings.
- Capability inventory: `Bash` capability used for file writing (`> search_results.json`) and network communication via the `infsh` CLI.
- Sanitization: None detected in the provided workflow examples.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata