newsletter-curation

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH

EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the infsh CLI tool from the vendor's official domain (cli.inference.sh).
  • [REMOTE_CODE_EXECUTION]: Includes a command to download and execute a shell script from the vendor's domain (curl -fsSL https://cli.inference.sh | sh). This is a standard installation pattern for the vendor's utility.
  • [COMMAND_EXECUTION]: Executes shell commands via the infsh tool to interact with search assistants and image generation apps.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted data from external sources.
      • Ingestion points: Results from tavily/search-assistant and exa/search tools are used to curate content.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between untrusted search results and its core instructions.
      • Capability inventory: The skill has the capability to post content externally via the x/post-create tool.
      • Sanitization: No sanitization or validation of the external search results is described.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 25, 2026, 05:36 PM