web-search

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes installation instructions that pipe a shell script from the vendor's official domain 'https://cli.inference.sh' directly into the shell. This is a standard setup procedure for the provided tool.
  • [EXTERNAL_DOWNLOADS]: During the setup process, the skill downloads the 'infsh' binary from the vendor's distribution server ('dist.inference.sh') and performs a checksum verification.
  • [COMMAND_EXECUTION]: The skill executes the 'infsh' CLI tool for search and extraction tasks. Shell access is restricted to this specific command via the 'allowed-tools' configuration in the frontmatter.
  • [PROMPT_INJECTION]: The skill processes untrusted web content from search and extraction results, creating a surface for indirect prompt injection.
      1. Ingestion points: Data retrieved via 'infsh app run'.
      2. Boundary markers: Examples show basic variable interpolation (e.g., '').
      3. Capability inventory: Execution is limited to the 'infsh' tool.
      4. Sanitization: No explicit content filtering is described in the prompt instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 01:02 AM