press-release-writing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill includes the instruction curl -fsSL https://cli.inference.sh | sh. This is a classic untrusted remote code execution (RCE) pattern that downloads and executes an opaque script from a non-whitelisted domain directly in the user's shell.
  • Indirect Prompt Injection (HIGH):
      • Ingestion points: The skill ingests untrusted external data via infsh app run tavily/search-assistant and exa/search (SKILL.md).
      • Boundary markers: Absent. There are no delimiters or instructions to treat the search output as untrusted data.
      • Capability inventory: The skill has allowed-tools: Bash(infsh *), providing the ability to execute commands that could be influenced by malicious content returned from search results.
      • Sanitization: Absent. External content is used directly to "fact-check" or provide "context" without filtering.
  • External Downloads (MEDIUM): The skill references external packages via npx skills add inferencesh/skills. Since the inferencesh organization is not on the Trusted External Sources list, these dependencies are considered unverifiable and pose a supply-chain risk.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 06:36 AM