Skills
NYC
skills/inference-sh-4/skills/pitch-deck-visuals/Gen Agent Trust Hub

pitch-deck-visuals

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses a dangerous pattern where a script is downloaded from the internet and immediately executed via the shell without any validation or integrity checks.
  • Evidence: The command curl -fsSL https://cli.inference.sh | sh was detected.
  • Risk: This allows the owner of the inference.sh domain to execute arbitrary commands on the host system.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads executable content from an untrusted domain that is not included in the approved list of trusted repositories or organizations.
  • Evidence: Download from https://cli.inference.sh.
  • Mitigation: Downloaded scripts should be pinned to a specific hash and audited before execution.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 12:11 AM