ai-automation-workflows

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses an installation pattern ('curl -fsSL https://cli.inference.sh | sh') that downloads and executes a script directly in the shell to install the vendor-owned CLI tool.
  • [COMMAND_EXECUTION]: Extensive use of shell commands and the 'infsh' CLI tool via Bash subshells and Python's 'subprocess' module for workflow orchestration.
  • [DATA_EXFILTRATION]: Includes a monitoring script ('monitored_workflow.sh') that demonstrates sending command output and error messages to an external webhook URL using 'curl'.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it interpolates untrusted data from local files and command-line arguments directly into LLM prompts.
  • Ingestion points: Reads file contents in 'data_processing.sh' (via '$(cat $file)') and accepts user-supplied input in 'conditional_workflow.sh' (via '$INPUT_TEXT').
  • Boundary markers: No delimiters or explicit instructions to ignore embedded commands are used when interpolating data into prompts.
  • Capability inventory: The skill has access to execute shell commands ('infsh', 'curl'), write files, and perform network operations.
  • Sanitization: There is no evidence of input validation, escaping, or filtering before data is sent to the LLM.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 25, 2026, 05:37 PM