Skills
skills/inferencesh/agent-skills/twitter-thread-creation/Gen Agent Trust Hub

twitter-thread-creation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user or agent to run curl -fsSL https://cli.inference.sh | sh. This pattern executes unverified remote code directly in the shell. The source domain inference.sh is not included in the trusted provider list, making this a high-risk operation.\n- [COMMAND_EXECUTION] (MEDIUM): The skill is configured with allowed-tools: Bash(infsh *), which permits the execution of arbitrary shell commands. While intended for functionality, this broad access increases the impact of potential exploits.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses npx skills add to download additional executable components from the inferencesh organization on GitHub, which is not a verified trusted source.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides a surface for indirect prompt injection attacks.\n
  • Ingestion points: Data retrieved from external sources via tavily/search-assistant and infsh/agent-browser (web browsing).\n
  • Boundary markers: None identified in the prompt templates or command structures to separate instructions from data.\n
  • Capability inventory: Social media posting (x/post-create), image generation (html-to-image), and shell execution (Bash).\n
  • Sanitization: No evidence of input validation or escaping for the data fetched from external URLs or search results.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:45 PM