press-release-writing
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute an installation script directly from an external URL by piping the output of a network request to the shell.
- Evidence:
curl -fsSL https://cli.inference.sh | shin SKILL.md. - Source:
https://cli.inference.sh(matches author/vendor context). - [COMMAND_EXECUTION]: The skill uses the vendor's CLI tool to execute various applications and login to their service.
- Evidence:
infsh login,infsh app run tavily/search-assistant,infsh app run exa/search, andinfsh app run exa/answer. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data retrieved from external web searches.
- Ingestion points: External content fetched via
tavily/search-assistantandexa/search(SKILL.md). - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided templates.
- Capability inventory: The skill has permission to execute shell commands via the
Bash(infsh *)tool. - Sanitization: No evidence of sanitization or validation of the fetched external data.
- [EXTERNAL_DOWNLOADS]: The skill downloads and adds external dependencies using a package manager.
- Evidence:
npx skills add inference-sh/skills@web-searchandnpx skills add inference-sh/skills@prompt-engineering.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata