competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill uses a piped command to download and immediately execute a script from a remote URL. Evidence:
curl -fsSL https://cli.inference.sh | sh. Risk: This pattern allows an untrusted domain to run arbitrary code on the host machine without any verification or user oversight. - External Downloads (HIGH): The skill initiates a network request to an untrusted external source (
cli.inference.sh) which is not included in the trusted provider list.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata