press-release-writing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructions include curl -fsSL https://cli.inference.sh | sh, which downloads and executes a remote script directly in the shell. This source is not on the verified trusted list, making it a high-risk vector for supply-chain attacks.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses npx skills add to fetch external components from the inferencesh organization, which is not a trusted source.
  • [COMMAND_EXECUTION] (MEDIUM): The skill definition includes allowed-tools: Bash(infsh *), which grants the agent broad permissions to execute any command within the infsh toolset.
  • [PROMPT_INJECTION] (LOW): The skill creates a surface for indirect prompt injection by processing external data from search tools (Tavily/Exa). Evidence:
    1. Ingestion points: Output from infsh app run search tools.
    2. Boundary markers: Absent from instructions.
    3. Capability inventory: Significant command execution via Bash(infsh *).
    4. Sanitization: No sanitization or filtering of external content is specified.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 01:16 AM