logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the agent to execute a shell script directly from a remote URL using
curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it grants the remote server the ability to execute arbitrary code with the privileges of the agent's environment without any prior verification. - EXTERNAL_DOWNLOADS (HIGH): The skill depends on tools and software downloaded from
inference.sh, which is not on the trusted sources list. This introduces a supply chain risk where the third-party infrastructure could be compromised to serve malicious payloads. - COMMAND_EXECUTION (MEDIUM): The skill utilizes the
Bash(infsh *)tool to execute complex shell loops and system commands. While intended for image generation, these capabilities could be repurposed by an attacker if the initial remote execution provides a foothold.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata