Skills
skills/inferencesh/agent-skills/email-design/Gen Agent Trust Hub

email-design

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill performs piped remote execution. Evidence: curl -fsSL https://cli.inference.sh | sh. The domain cli.inference.sh is not in the trusted source list. This pattern allows a remote actor to execute arbitrary code on the user's machine with the same permissions as the process running the command.
  • External Downloads (HIGH): The skill fetches content from an external, untrusted URL without verification or integrity checks (e.g., checksums).
  • Command Execution (HIGH): The skill invokes the system shell (sh) to execute unverified content fetched over the network, bypassing local security controls and auditing.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 06:42 AM