Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/technical-blog-writing/Gen Agent Trust Hub

technical-blog-writing

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill performs direct piped execution of a remote script from an untrusted source.\n
  • Evidence: curl -fsSL https://cli.inference.sh | sh\n
  • Source Analysis: The domain cli.inference.sh is not listed in the Trusted External Sources and is considered an unknown/untrusted origin for executable code.\n
  • Technical Risk: Piped execution (curl | sh) is the highest risk category of remote execution because the script content is never saved to disk for inspection and can be changed dynamically by the attacker to execute malicious payloads, install persistence, or exfiltrate data.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 03:41 AM