product-hunt-launch
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs the installation of the infsh CLI using 'curl -fsSL https://cli.inference.sh | sh'. This pattern is highly insecure as it downloads and executes a script from an unverified external domain directly in the system shell without verification of its contents or integrity.
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'npx skills add' to install additional components from the 'inferencesh' NPM scope. These dependencies are not from a trusted organization or well-known service, posing a risk of supply chain contamination.
- [COMMAND_EXECUTION]: The skill requests permission for 'Bash(infsh *)', granting the agent the ability to execute any sub-command of the infsh utility. Since the tool is installed through an insecure method from an untrusted source, this broad permission significantly increases the attack surface.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1) Ingestion points: The skill ingests untrusted data from the 'tavily/search-assistant' and 'exa/search' tools.
  2) Boundary markers: No delimiters or ignore-instructions warnings are present.
  3) Capability inventory: The skill has the capability to execute shell commands via 'Bash(infsh *)'.
  4) Sanitization: No validation or sanitization is performed on the search results before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats