data-visualization
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses the highly dangerous pattern of piping a remote script directly into a shell interpreter (sh). Evidence:
curl -fsSL https://cli.inference.sh | sh. This allows any code hosted at that URL to execute with the user's current privileges. - External Downloads (HIGH): The skill attempts to fetch executable content from
https://cli.inference.sh. This domain is not included in the list of trusted GitHub repositories or organizations, making it an unverifiable and high-risk source. - Command Execution (HIGH): By invoking the shell directly to process external content, the skill bypasses all standard security boundaries and sanitization protocols.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata