press-release-writing
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the vendor's CLI using a remote script via 'curl -fsSL https://cli.inference.sh | sh'. While this is an official installation method from the vendor, it involves direct execution of remote code in the shell.
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and binaries from 'cli.inference.sh' and 'dist.inference.sh'. These domains are owned by the vendor and are used for tool distribution and integrity verification via SHA-256.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute 'infsh' commands for research and 'npx' for adding additional skills. Risk is mitigated by the 'allowed-tools' restriction in the frontmatter which limits Bash to the 'infsh' executable.
- [PROMPT_INJECTION]: The skill processes untrusted content from external search engines (Tavily and Exa), creating a surface for indirect prompt injection.
  - Ingestion points: Search result output from 'infsh app run tavily/search-assistant' and 'infsh app run exa/search' (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill text.
  - Capability inventory: The skill uses 'Bash' restricted to the 'infsh' command (SKILL.md).
  - Sanitization: No sanitization or filtering of external search content is specified.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata