Skills
skills/inference-sh-4/skills/customer-persona/Gen Agent Trust Hub

customer-persona

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses the pattern curl -fsSL https://cli.inference.sh | sh. This is a highly dangerous operation that pipes remote content directly into a command shell.
  • Evidence: Automated scan detected the command curl -fsSL https://cli.inference.sh | sh.
  • Risk: The remote server at cli.inference.sh has full control over the commands executed. If the site is compromised or malicious, it can install malware, steal data, or establish persistence.
  • External Downloads (HIGH): The skill fetches executable content from https://cli.inference.sh, which is not on the list of trusted external sources.
  • Evidence: URL https://cli.inference.sh is used for script retrieval.
  • Command Execution (HIGH): The skill executes shell commands that are dynamically retrieved from the network, bypassing local security reviews.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:26 PM