prompt-engineering
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill instructs the agent to run the command
curl -fsSL https://cli.inference.sh | sh. This is a classic 'curl pipe sh' vulnerability that allows an untrusted remote domain to execute arbitrary code with shell privileges on the local system. - External Downloads (HIGH): The 'Related Skills' section encourages the use of
npx skills addto download and install additional content from an untrusted source (inference-sh/skills). This can lead to the silent installation of malicious scripts or tool configurations. - Indirect Prompt Injection (LOW): The skill provides templates for processing untrusted data (e.g.,
[article text],[code]) without using delimiters or sanitization. - Ingestion points: External data is interpolated into the
--inputflag ofinfshcommands inSKILL.md. - Boundary markers: Absent; no instructions are provided to the model to ignore instructions embedded in the user-provided data.
- Capability inventory: The skill utilizes the
Bash(infsh *)tool to interact with various AI models. - Sanitization: No escaping or validation of external content is performed before passing it to the model.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata