customer-persona
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup instructions direct the agent or user to execute `curl -fsSL https://cli.inference.sh | sh`. This pattern pipes remote content directly into a shell, allowing for unverified code execution. While this is a vendor-provided installer, the method bypasses static review and integrity checks, posing a risk if the remote source or delivery path is compromised.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading external CLI binaries and configuration files from `cli.inference.sh` and `dist.inference.sh` to function.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run the `infsh` CLI, which executes external applications for web searching (`tavily`, `exa`) and image generation (`falai/flux-dev-lora`).
- [PROMPT_INJECTION]: The skill processes data from external search providers (Step 1) to build personas. This ingestion of untrusted data lacks boundary markers or sanitization, creating a surface for indirect prompt injection where malicious content in search results could influence the agent's output or subsequent tool use. Capability inventory includes Bash tool access via the `infsh` command.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata