case-study-writing
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill explicitly instructs the user or agent to run 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes a remote script with the user's shell privileges without prior verification. The domain 'inference.sh' is not a trusted source according to security policy.
- Command Execution (HIGH): The skill requests 'Bash(infsh *)' tool permissions. This grants the agent broad authority to execute any command within the 'infsh' CLI, which could be leveraged for unauthorized system actions if the tool is compromised or misused.
- Dynamic Execution (MEDIUM): The skill uses the 'infsh/python-executor' to run Python code provided as a string within the skill's instructions. This 'code-as-data' approach is a common vector for injection attacks.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from web search tools (Tavily and Exa).
  1. Ingestion points: Search results for industry context.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash command execution and Python script execution.
  4. Sanitization: No escaping or validation of external content is specified.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata