social-media-carousel

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The command curl -fsSL https://cli.inference.sh | sh downloads and executes code from a non-trusted third-party domain. This 'curl pipe bash' pattern is a critical vulnerability that permits arbitrary code execution and full system compromise.
  • EXTERNAL_DOWNLOADS (HIGH): The skill installs multiple unverified packages from the inference-sh organization using npx. Since this organization is not on the list of trusted sources, these dependencies represent an unverified supply chain risk.
  • COMMAND_EXECUTION (MEDIUM): The skill generates and executes shell commands and loops to interact with the infsh CLI. The use of shell execution for dynamically generated templates increases the attack surface for potential exploits.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it interpolates user-provided text into HTML slide templates without sanitization or boundary markers.
      • Ingestion points: User-provided carousel content and layout parameters in SKILL.md.
      • Boundary markers: Absent from HTML and bash templates.
      • Capability inventory: Broad subprocess execution permissions via Bash(infsh *).
      • Sanitization: No escaping or validation of external content is performed before interpolation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 11:05 PM