Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/character-design-sheet/Gen Agent Trust Hub

character-design-sheet

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The command curl -fsSL https://cli.inference.sh | sh was detected. This pattern is a critical security vulnerability that executes remote scripts directly in the host shell without any integrity verification or sandboxing.
  • External Downloads (HIGH): The skill sources code from https://cli.inference.sh, which is not a trusted external source (e.g., GitHub organizations like OpenAI, Google, or Anthropic).
  • Command Execution (HIGH): The use of piped shell commands (| sh) facilitates immediate execution of potentially malicious payloads, bypassing security review and manual intervention.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 03:41 AM