case-study-writing
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool using a piped-to-shell pattern (curl -fsSL https://cli.inference.sh | sh). This method executes a remote script directly without prior review, which is a high-risk security practice even when the script is associated with the skill author.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends adding external logic via npx skills add, which fetches and executes packages from a remote repository at runtime. This introduces unverified external dependencies into the agent's operating environment.
- [COMMAND_EXECUTION]: The skill requires access to the Bash tool to run infsh commands. Although the configuration restricts the tool to the infsh binary, the instructions demonstrate using it for network operations and local file system writes (e.g., saving generated charts).
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection.
 - Ingestion points: Data enters the agent context from the output of infsh app run calls to external search services (tavily/search-assistant, exa/search).
 - Boundary markers: The examples contain no explicit delimiters and no instructions to ignore commands embedded in the external search results.
 - Capability inventory: The agent can execute shell commands via the Bash tool (restricted to infsh) and perform file system writes.
 - Sanitization: No sanitization or validation of the external search content is documented before the agent processes it for content generation.
- [DYNAMIC_EXECUTION]: The skill uses a python-executor app to run arbitrary Python code strings for data visualization, which is a runtime code generation and execution capability.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata