Skills
AGENT LAB: SKILLS
skills/inference-sh-4/skills/app-store-screenshots/Gen Agent Trust Hub

app-store-screenshots

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill contains the command curl -fsSL https://cli.inference.sh | sh. This is a critical security risk as it downloads and executes arbitrary code from an untrusted external domain directly in the user's shell environments without any verification or integrity checks.\n- EXTERNAL_DOWNLOADS (HIGH): The skill requires the installation of a custom CLI tool (infsh) from an untrusted domain and uses npx skills add to fetch further external dependencies from inference-sh/skills. None of these sources are in the trusted repository list.\n- COMMAND_EXECUTION (MEDIUM): The skill requests permission to use the Bash tool for all infsh commands, granting the agent the capability to execute complex system commands based on external or generated input.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:00 PM