Skills
skills/inference-sh-4/skills/technical-blog-writing/Gen Agent Trust Hub

technical-blog-writing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses a highly dangerous pattern where a remote script is piped directly into a shell interpreter.
  • Evidence: Found command curl -fsSL https://cli.inference.sh | sh reported in automated scan.
  • Risk: This method bypasses all security checks and allows the remote server at cli.inference.sh to execute arbitrary code on the host machine.
  • External Downloads (HIGH): The skill attempts to download and execute content from https://cli.inference.sh, which is not a recognized trusted source.
  • Evidence: Target URL https://cli.inference.sh is not among the whitelisted or trusted domains provided in the security skill configuration.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:31 PM