newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution detected. The command
curl -fsSL https://cli.inference.sh | shinSKILL.mddownloads and executes a script from a third-party domain (inference.sh) without integrity verification. This allows the remote server to execute arbitrary commands on the host system.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill usesnpxto install additional skills frominferencesh/skills@.... These packages are from an untrusted source outside the defined whitelist of trusted organizations.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).\n - Ingestion points: Processes content retrieved from
tavily/search-assistantandexa/searchas shown in the Content Sourcing section ofSKILL.md.\n - Boundary markers: Absent. External content is interpolated directly into the context for curation tasks without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: Tooling includes
Bash(infsh *), which provides a broad command execution surface that could be exploited via malicious web content.\n - Sanitization: No sanitization or validation of the ingested web content is performed before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata