og-image-design
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill performs an unverified remote script execution by piping a curl command directly to a shell (curl -fsSL https://cli.inference.sh | sh). This allows the remote server to execute arbitrary code on the host system without any integrity checks or human review.
- External Downloads (HIGH): The skill downloads content from https://cli.inference.sh, which is not a recognized trusted source and could be used for malicious payload delivery.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata