linkedin-content

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The 'Quick Start' section provides the command 'curl -fsSL https://cli.inference.sh | sh'. This pattern downloads a shell script from an unverified remote server and executes it immediately with shell privileges. This is a high-risk activity that allows for arbitrary code execution from a source outside of the trusted organization list.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill references 'npx skills add inference-sh/skills@...' to install additional external skills. These components are not from a trusted repository or organization, introducing unvetted code into the agent's environment.
  • COMMAND_EXECUTION (MEDIUM): The skill requests 'allowed-tools: Bash(infsh *)', which allows the agent to execute any subcommands available via the 'infsh' CLI tool. This provides a broad surface for command execution and interaction with external systems.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from web search results via 'tavily/search-assistant'. Mandatory Evidence: (1) Ingestion point: results from 'tavily/search-assistant'; (2) Boundary markers: none used to wrap the untrusted search data; (3) Capability inventory: 'Bash(infsh *)' tool allows for significant command execution; (4) Sanitization: no escaping or filtering of search results is performed before the agent processes them.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 01:22 AM