product-hunt-launch
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes a script from https://cli.inference.sh by piping it directly into sh. This is a critical risk allowing for arbitrary code execution on the host system.
- [EXTERNAL_DOWNLOADS]: The skill fetches resources from https://cli.inference.sh, which is an untrusted external domain not included in the trusted vendors list.
- [COMMAND_EXECUTION]: The skill executes the infsh and npx commands to interact with external services and install additional skills.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its data ingestion patterns.
- Ingestion points: The skill pulls data from external search providers via the tavily/search-assistant and exa/search tools.
- Boundary markers: No delimiters or instructions are used to separate untrusted search results from system instructions.
- Capability inventory: The skill has access to the Bash tool, which could be exploited if malicious commands are returned in search results.
- Sanitization: There is no evidence of sanitization or validation of the content returned from external search tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata