case-study-writing
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the 'infsh' CLI installation script and binary from 'cli.inference.sh' and 'dist.inference.sh', which are vendor-controlled domains.
- [REMOTE_CODE_EXECUTION]: Installation is performed by piping a remote script directly into the shell ('curl | sh'). This is the vendor's standard installation method and is expected behavior for this toolset.
- [COMMAND_EXECUTION]: Uses the 'infsh' command-line tool to execute various 'apps', including search tools and a Python executor for chart generation.
- [REMOTE_CODE_EXECUTION]: Uses 'npx' to dynamically add additional skills from the 'inference-sh' repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Evidence chain:
  1. Ingestion points: External web content is ingested via 'tavily/search-assistant', 'exa/search', and 'exa/answer'.
  2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present when processing search results.
  3. Capability inventory: The skill has access to the 'Bash' tool and 'python-executor' for command execution.
  4. Sanitization: There is no evidence of sanitization or filtering applied to external data before it enters the agent context.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
Audit Metadata