newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill includes the command `curl -fsSL https://cli.inference.sh | sh`. This is a highly dangerous pattern that downloads a script from a remote server and executes it immediately with shell privileges without any verification or user review.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill's workflow ingests untrusted data from external search providers and uses it to drive automated actions.
  - Ingestion points: External content is fetched using `tavily/search-assistant` and `exa/search` (SKILL.md).
  - Boundary markers: Absent. The skill provides no instructions to ignore embedded commands within the fetched search results.
  - Capability inventory: The skill has the capability to post directly to social media using `infsh app run x/post-create` (SKILL.md).
  - Sanitization: None. Content from search results is curated and then prepared for social distribution without filtering or safety checks.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill attempts to install additional remote dependencies using `npx skills add inferencesh/skills@...`. These sources are outside of the predefined trusted organizations and represent unverified third-party code.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats