Skills
skills/inferencesh/agent-skills/social-media-carousel/Gen Agent Trust Hub

social-media-carousel

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to execute a command that downloads a script from https://cli.inference.sh and pipes it directly into the shell (| sh). This bypasses security checks and allows for immediate execution of unverified remote code.
  • Evidence: curl -fsSL https://cli.inference.sh | sh found in SKILL.md.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads and installs a CLI tool (infsh) from a non-standard, third-party source without integrity verification (such as checksums or signatures).
  • COMMAND_EXECUTION (MEDIUM): The skill uses the Bash(infsh *) tool, which grants it the capability to run arbitrary commands via the infsh utility, increasing the potential impact if the skill is used maliciously.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:44 PM