prompt-engineering
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user to execute a remote script via a pipe to a shell, which is an extremely dangerous pattern.
  - Evidence: `curl -fsSL https://cli.inference.sh | sh` found in SKILL.md.
  - Risk: This executes arbitrary code from a non-trusted domain (inference.sh) with the user's current privileges, allowing for potential malware installation or data theft.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill promotes the installation of additional unverified components from untrusted sources.
  - Evidence: Multiple instances of `npx skills add inference-sh/skills@...` in the Related Skills section.
  - Risk: Encourages expanding the attack surface by downloading and running more third-party code without integrity verification.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing a third-party CLI tool with complex, user-generated inputs.
  - Evidence: Extensive use of the `infsh` tool to process JSON payloads containing prompts and code.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill demonstrates patterns that are vulnerable to indirect prompt injection when processing external data.
  - Ingestion points: The `--input` JSON payload in `infsh app run` commands (SKILL.md).
  - Boundary markers: Absent; raw strings are used within JSON structures.
  - Capability inventory: Shell access (via the `infsh` utility).
  - Sanitization: Absent; the examples show direct interpolation of potentially untrusted code snippets into LLM prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata