linkedin-content

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (HIGH): The skill includes the command curl -fsSL https://cli.inference.sh | sh. This pattern downloads a script from an untrusted domain and executes it immediately with shell privileges, providing a direct path for arbitrary code execution on the host system.
  • Unverifiable Dependencies (MEDIUM): The skill uses npx skills add to fetch and install additional remote content from the inference-sh/skills repository. These dependencies are not from a trusted organization and represent an unverified supply chain risk.
  • Indirect Prompt Injection Surface (LOW): The skill uses infsh app run tavily/search-assistant to ingest external web data.
      ◦ Ingestion points: Web search results via Tavily.
      ◦ Boundary markers: Absent; the content is processed without clear delimiters to isolate untrusted data.
      ◦ Capability inventory: The skill can execute bash commands and post to social media (X/Twitter), creating a path for malicious data to trigger actions.
      ◦ Sanitization: No sanitization or validation logic is defined for the ingested search data.
  • Command Execution (LOW): The skill requests broad Bash(infsh *) permissions, allowing the agent to execute any sub-command of the custom infsh CLI tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 11:32 PM