data-visualization
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill executes the command
curl -fsSL https://cli.inference.sh | sh. This is a critical security vulnerability known as 'piping to shell,' which executes remote content immediately without any verification or sanitization. - [External Downloads] (MEDIUM): The domain
cli.inference.shis not a trusted source. Relying on unverified external domains for executable content poses a significant supply chain risk. - [Command Execution] (HIGH): The use of the system shell to run unvalidated remote scripts allows for arbitrary actions on the host, including data theft or malware installation.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata