ai-rag-pipeline
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation recommends installation via
curl -fsSL https://cli.inference.sh | sh. This executes a remote script directly in the shell. While this originates from the skill author's official domain (inference.sh), it remains a high-privilege execution pattern. - [PROMPT_INJECTION]: The skill provides numerous examples of Retrieval Augmented Generation (RAG) pipelines that are vulnerable to indirect prompt injection. External, untrusted data from web searches is directly interpolated into LLM prompts.
- Ingestion points: Untrusted data enters the agent context through the output of
infsh app run tavily/search-assistantandinfsh app run exa/search(referenced in SKILL.md). - Boundary markers: The prompt templates provide minimal delimiters (e.g., 'Search Results: $SEARCH_RESULT') and lack explicit instructions to the AI to ignore embedded commands within the retrieved data.
- Capability inventory: The skill utilizes the
Bashtool withinfshcommands, which can perform network operations and application execution. - Sanitization: There is no evidence of filtering, escaping, or schema validation for the search results before they are passed to the language models.
- [COMMAND_EXECUTION]: The skill explicitly requests the
Bash(infsh *)capability, allowing the agent to execute any subcommand of theinfshCLI on the host system.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata