newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly commands the execution of a remote script from an untrusted source via `curl -fsSL https://cli.inference.sh | sh`. This is a severe security risk as the remote script can be modified by the provider to execute arbitrary malicious code on the host system.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the installation of multiple external modules using `npx skills add inference-sh/skills@...`. These sources are not among the trusted GitHub organizations or repositories and have not been verified for safety.
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the use of the `infsh` CLI tool, which executes bash commands. This tool is granted broad access (`infsh *`) to perform operations like searching the web and posting to social media, increasing the potential impact of a compromise.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests data from untrusted external sources.
  1. Ingestion points: Untrusted data enters the agent context via search results from `tavily/search-assistant` and `exa/search`.
  2. Boundary markers: Absent; there are no instructions or delimiters to isolate search results from the agent's instructions.
  3. Capability inventory: The agent has capabilities to execute bash commands, perform network searches, and create social media posts.
  4. Sanitization: Absent; the skill does not include any validation or escaping of the content retrieved from the web before processing it.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata