case-study-writing

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to install a CLI tool by piping a script from 'https://cli.inference.sh' directly to the shell. This is a common but high-risk installation pattern, though it targets the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: Uses 'infsh app run' to execute various tools, including a Python executor that runs generated scripts for matplotlib visualizations. It also uses 'npx' to install additional skills.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated downloads of binaries and search results from external domains during tool execution and installation.
  • [PROMPT_INJECTION]: The skill processes untrusted external content from search tools (Tavily and Exa), creating a surface for indirect prompt injection.
  • Ingestion points: Search result data from 'tavily/search-assistant' and 'exa/search' is processed within the skill's logic.
  • Boundary markers: No explicit delimiters or boundary instructions are used to isolate untrusted data.
  • Capability inventory: The skill has the capability to execute shell commands and Python code.
  • Sanitization: No sanitization or validation of external content is present.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 01:02 AM