web-search
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The documentation explicitly recommends installing the 'infsh' CLI using the command 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes unverified code from a remote server, which is an untrusted source outside the defined scope of trusted organizations.
- External Downloads (HIGH): The skill relies on external software (infsh CLI) downloaded from a non-standard source, increasing the supply chain risk.
- Indirect Prompt Injection (LOW): The skill's primary function is to extract web content from URLs (e.g., via 'tavily/extract' or 'exa/extract') and pass it to LLMs like Claude. There are no boundary markers or sanitization steps mentioned to prevent malicious instructions embedded in web pages from hijacking the agent's behavior.
- Evidence Chain for Category 8:
- Ingestion points: Web content extraction tools 'tavily/extract' and 'exa/extract' in SKILL.md.
- Boundary markers: Absent; untrusted content is interpolated directly into prompts (e.g., '').
- Capability inventory: Network access via 'infsh' and file system access through shell redirection.
- Sanitization: Absent; no escaping or filtering of extracted HTML/text is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata