landing-page-design
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill implements a piped-to-shell execution pattern (
curl -fsSL https://cli.inference.sh | sh). This allows a remote server to execute arbitrary commands on the host machine without any verification, integrity checks, or user review. - External Downloads (HIGH): The source domain
cli.inference.shis not a trusted repository or organization according to defined security protocols. Downloading and executing code from unverified third-party domains poses a severe risk of supply chain attacks. - Command Execution (HIGH): By piping remote content directly to the shell (
sh), the skill bypasses security inspection and provides the downloaded script with the same privileges as the running environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata