Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/data-visualization/Gen Agent Trust Hub

data-visualization

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): A command detected in the skill downloads and immediately executes a script from an external URL. Evidence: curl -fsSL https://cli.inference.sh | sh. This pattern allows a remote server to run any code on the host machine without integrity verification.
  • External Downloads (HIGH): The skill fetches executable content from cli.inference.sh, a domain that is not on the list of trusted providers according to the security policy.
  • Command Execution (HIGH): The skill invokes a shell to execute remote content, which could allow for arbitrary system commands and privilege escalation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 03:41 AM