linkedin-content
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to run
curl -fsSL https://cli.inference.sh | sh. This is a highly insecure practice that executes a remote script directly in the user's shell without verification, checksums, or integrity checks. - [EXTERNAL_DOWNLOADS]: The skill encourages the dynamic installation of additional code via
npx skills add inferencesh/skills@.... This pulls third-party scripts from an external repository at runtime, introducing risks associated with unvetted dependencies. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executeinfshcommands and run remote applications (infsh app run), which grants the agent the ability to execute broad commands and interact with external infrastructure beyond simple text generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata