twitter-thread-creation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains a direct command `curl -fsSL https://cli.inference.sh | sh` in its Quick Start and usage examples. This pattern downloads a script from an external domain and executes it with shell privileges without any verification of the content. Since `inference.sh` is not a Trusted External Source, this represents a severe risk of arbitrary code execution.
- Unverifiable Dependencies (MEDIUM): The skill suggests installing additional tools via `npx skills add inference-sh/skills@...`. This pattern encourages the user/agent to pull and execute code from an untrusted namespace, increasing the attack surface through dependency confusion or malicious package updates.
- Indirect Prompt Injection (LOW): The skill uses `infsh/agent-browser` and `tavily/search-assistant` to process external web content.
  - Ingestion points: External URLs fetched via `agent-browser` and search results from `tavily`.
  - Boundary markers: Absent; there are no instructions to the agent to treat this data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has `Bash(infsh *)` permissions, allowing it to perform network operations and local command execution.
  - Sanitization: Absent; the skill does not specify any filtering or validation for the content retrieved from the web before using it in thread generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata