product-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill promotes an insecure installation pattern: `curl -fsSL https://cli.inference.sh | sh`. This executes unverified code from a remote server directly in the user's shell environment, a common vector for system compromise.
- COMMAND_EXECUTION (HIGH): The skill grants the agent permission to execute any `infsh` command via `allowed-tools: Bash(infsh *)`. This CLI tool is used to run remote 'apps' and AI models from a third-party registry, effectively allowing remote code to be executed on the user's behalf through the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill suggests installing further extensions using `npx skills add inference-sh/skills@...`. These external dependencies are not from a trusted source list and have not been verified for safety.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-provided product data and changelog text. While it lacks explicit boundary markers, the primary risk is associated with the tool capabilities rather than the data processing itself.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata