logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the agent to execute a remote script directly into the shell using
curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it grants the remote server full control over the execution environment. - [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to download and install external agent skills from an untrusted source (
inference-sh/skills) usingnpx skills add. This could lead to the installation of malicious agent extensions. - [COMMAND_EXECUTION] (MEDIUM): The skill frequently uses the
infshcommand-line tool with arbitrary input. While this appears to be the primary purpose of the skill, the reliance on an externally downloaded binary (infsh) that was installed via the insecurecurl | shmethod escalates the risk of all subsequent command executions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata