case-study-writing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the execution of a script from
https://cli.inference.shpiped directly into a shell (curl | sh). This is a dangerous pattern that allows unverified remote code execution from a non-trusted third-party domain.- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external sources and possesses execute capabilities that can be abused by malicious content. - Ingestion points: External data enters through search tools
tavily/search-assistantandexa/searchmentioned inSKILL.md. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present.
- Capability inventory: The skill has access to
Bash(infsh *)andinfsh/python-executorfor arbitrary code and command execution. - Sanitization: There is no evidence of sanitization or validation of the search results before they are processed by the agent.- COMMAND_EXECUTION (HIGH): The skill requests broad shell access via
Bash(infsh *)in its tool configuration, allowing the agent to perform unrestricted system operations using the third-party CLI.- REMOTE_CODE_EXECUTION (MEDIUM): The skill usesinfsh/python-executorto run Python code generated at runtime. While the example provided is for visualization, the tool itself supports arbitrary Python execution.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata