ai-rag-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution detected. The command 'curl -fsSL https://cli.inference.sh | sh' downloads and runs arbitrary code from an unverified source.- [COMMAND_EXECUTION] (HIGH): The skill configuration allows broad execution of the 'infsh' command suite ('allowed-tools: Bash(infsh *)'), which is installed via an unverified remote script.- [EXTERNAL_DOWNLOADS] (HIGH): Dependencies are fetched from 'inference.sh', a non-trusted third-party domain, posing a supply chain risk.- [PROMPT_INJECTION] (LOW): Susceptible to indirect prompt injection (Category 8). 1. Ingestion points: Web search results from Tavily and Exa are stored in variables (e.g., '$SEARCH_RESULT', '$CONTENT'). 2. Boundary markers: None (external content is not wrapped in delimiters). 3. Capability inventory: Access to 'Bash(infsh *)'. 4. Sanitization: None. External content is directly interpolated into prompts, allowing malicious web content to hijack the agent's logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata