case-study-writing
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill provides instructions to run
curl -fsSL https://cli.inference.sh | sh. Piping a remote script directly into a shell is a high-risk pattern that allows arbitrary code execution from a source not listed in the trusted repository list. - COMMAND_EXECUTION (HIGH): The
allowed-toolssection grants the skill permission to runBash(infsh *), which allows the execution of any CLI command associated with theinfshtool, including logging in and running arbitrary remote scripts via thepython-executorapp. - EXTERNAL_DOWNLOADS (MEDIUM): The skill uses
npx skills addto fetch and install external skills frominferencesh/skills@web-search. This introduces third-party dependencies that are not pre-verified. - DATA_EXFILTRATION (LOW): The skill facilitates the transmission of search queries and potentially user-provided context to external APIs such as Tavily and Exa. While this is part of its functional design, it establishes a data flow to third-party services.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a vulnerability surface for indirect prompt injection by ingesting untrusted web data.
- Ingestion points: Search results from
tavily/search-assistantandexa/searchare incorporated into the agent's context inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the research tool calls.
- Capability inventory: The skill has broad capabilities to execute code via
infsh app run infsh/python-executor. - Sanitization: No sanitization of search results is performed before the data is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata