web-search
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Executes an installation script from the vendor's domain (https://cli.inference.sh | sh). This is a documented part of the vendor's setup process.\n- [EXTERNAL_DOWNLOADS]: Fetches the infsh binary from dist.inference.sh during the installation process.\n- [COMMAND_EXECUTION]: Utilizes the Bash tool to run infsh commands for searching and data extraction tasks.\n- [PROMPT_INJECTION]: Presents an indirect prompt injection surface (Category 8) by ingesting untrusted web content.\n
- Ingestion points: External data is retrieved via tavily/search-assistant, tavily/extract, and exa/extract in SKILL.md.\n
- Boundary markers: The provided examples use tags like but lack instructions to ignore embedded commands.\n
- Capability inventory: The skill has access to the Bash tool to execute vendor CLI applications.\n
- Sanitization: There is no evidence of sanitization or filtering of the content extracted from external URLs before it is provided to the AI.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata