product-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Detected piped remote execution:
curl -fsSL https://cli.inference.sh | sh. This command downloads a script from an unverified remote source and executes it immediately in the shell, which is a major security risk for remote code execution (RCE).\n- [EXTERNAL_DOWNLOADS] (HIGH): The skill references and executes code from untrusted sources viainference.shandnpx skills. These domains and packages are not included in the list of Trusted External Sources, posing a supply-chain risk.\n- [COMMAND_EXECUTION] (MEDIUM): The skill configurationallowed-tools: Bash(infsh *)grants the agent permission to execute any shell command starting withinfsh. This provides a broad capability that could be abused to interact with the local system.\n- [PROMPT_INJECTION] (LOW): The skill processes untrusted product descriptions and changelog data (Ingestion: SKILL.md) to generate language. It lacks explicit boundary markers or sanitization, creating a surface for indirect prompt injection that could influence agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata