Skills
skills/inference-sh-4/skills/product-hunt-launch/Gen Agent Trust Hub

product-hunt-launch

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs users to run curl -fsSL https://cli.inference.sh | sh. This is a classic 'curl pipe to sh' pattern that allows an untrusted remote server to execute arbitrary code on the local machine without verification.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx skills add to dynamically download and execute additional packages from the inference-sh organization. This introduces unverified external dependencies at runtime, bypassing static security reviews.
  • COMMAND_EXECUTION (LOW): The skill heavily relies on the infsh CLI tool to perform tasks like image generation and web searches. While functional, it requires the installation and execution of a third-party binary that communicates with external APIs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 11:37 PM