linkedin-content
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill includes the command `curl -fsSL https://cli.inference.sh | sh`. This is a critical security risk as it downloads a script from an untrusted external source and executes it directly in the shell without any verification or integrity checks.
- Unverifiable Dependencies (MEDIUM): The skill attempts to install further extensions using `npx skills add inferencesh/skills@...`. These sources are not part of the trusted external sources list, making the code being pulled into the environment unverifiable and potentially unsafe.
- Broad Command Execution (MEDIUM): The frontmatter specifies `allowed-tools: Bash(infsh *)`. This wildcard configuration grants the agent permission to execute any command starting with `infsh`, which significantly expands the attack surface if the underlying CLI tool has vulnerabilities or handles input unsafely.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats