press-release-writing
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation includes a command to download and execute a script directly from https://cli.inference.sh using curl -fsSL ... | sh. This is a high-risk pattern that executes remote code with the user's local privileges without any integrity verification.
- EXTERNAL_DOWNLOADS (HIGH): The skill promotes installing additional dependencies using npx skills add from the inference-sh organization. As this organization is not on the trusted sources list, these downloads are considered unverified and potentially malicious.
- COMMAND_EXECUTION (MEDIUM): The skill is configured with allowed-tools: Bash(infsh *), which permits the execution of any subcommand under the infsh umbrella. This provides a significant attack surface for local command execution via the agent.
- PROMPT_INJECTION (LOW): The skill's workflow involves ingesting untrusted data from external search providers (Tavily, Exa).
  - Ingestion points: Research data is pulled into the agent context via infsh app run commands.
  - Boundary markers: None identified in the prompt templates to distinguish between instructions and search data.
  - Capability inventory: Full bash access via infsh and the ability to write files (implied by press release output).
  - Sanitization: No sanitization logic is present to filter malicious instructions embedded in search results.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata