ai-automation-workflows

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill utilizes a piped remote execution pattern: curl -fsSL https://cli.inference.sh | sh. This is a confirmed critical vulnerability as it allows unverified, arbitrary code from a non-trusted external source to be executed with the privileges of the user.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and executes scripts from https://cli.inference.sh. This domain is not part of the established Trusted External Sources list (e.g., GitHub official orgs, verified package registries), making the source unverifiable.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's primary purpose is to orchestrate workflows using bash scripts and a Python SDK. While this is the intended functionality, combined with the insecure installation method, it provides a powerful post-exploitation surface for an attacker.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:39 PM