ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing its CLI tool using a piped shell command: `curl -fsSL https://cli.inference.sh | sh`. This executes a remote script directly in the user's shell environment. This is a vendor-provided installer for the primary tool associated with the skill.
- [COMMAND_EXECUTION]: Numerous examples demonstrate the use of shell commands and scripts for automation, including:
  - Process management using `wait`, `$!`, and background execution `&`.
  - File system operations such as `mkdir`, `cat`, and output redirection `> /path/to/file`.
  - System utilities including `date`, `sleep`, and `echo`.
  - Persistence via `crontab` configuration for periodic task execution.
- [EXTERNAL_DOWNLOADS]: The skill references several external resources:
  - CLI installer at `https://cli.inference.sh` and binary downloads from `dist.inference.sh`.
  - Extension of capabilities via `npx skills add` targeting the `inference-sh/skills` repository.
- [PROMPT_INJECTION]: The skill contains patterns that create an attack surface for indirect prompt injection (Category 8):
  - Ingestion points: Processes external data from command-line arguments (`$INPUT_TEXT` in the Conditional Workflow pattern) and local file contents (`$(cat $file)` in the Data Processing Pipeline).
  - Boundary markers: Absent; the external data is directly interpolated into the JSON-formatted prompt strings.
  - Capability inventory: The skill utilizes the `infsh` tool to send data to various LLM providers and `curl` to send alerts to external webhooks.
  - Sanitization: No escaping, filtering, or validation is performed on the ingested data before it is sent to the models.
Audit Metadata