product-changelog

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill contains the command curl -fsSL https://cli.inference.sh | sh. This pattern downloads a script from a remote server and pipes it directly into the shell for execution without integrity verification, which is a classic vector for immediate system compromise.
  • EXTERNAL_DOWNLOADS (HIGH): The skill relies on an external CLI tool (infsh) and additional skills fetched via npx from the inferencesh organization, neither of which is on the trusted source list.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes a custom binary (infsh) and is granted broad shell execution permissions via the allowed-tools: Bash(infsh *) configuration.
  • PROMPT_INJECTION (LOW): The skill ingests user-provided text for changelog generation and image prompts, creating a surface for indirect prompt injection.
      • Ingestion points: User-controlled strings used in infsh app run inputs.
      • Boundary markers: Absent.
      • Capability inventory: Full subprocess execution via the infsh CLI.
      • Sanitization: No evidence of input escaping or validation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:44 PM