Skills
skills/inferencesh/agent-skills/product-hunt-launch/Gen Agent Trust Hub

product-hunt-launch

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains the command curl -fsSL https://cli.inference.sh | sh. This pattern downloads a shell script from a remote server and immediately executes it. Because the source is not in the trusted organization list, this constitutes unverified remote code execution.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the installation of the infsh CLI from an untrusted domain and suggests installing additional external skills via npx. These actions introduce unverified code and binary dependencies into the environment.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's core functionality involves executing complex commands through the infsh binary (e.g., infsh app run). This creates a significant attack surface where the behavior of the skill depends entirely on the integrity of a third-party command-line tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:38 PM