ai-rag-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The file
SKILL.mdcontains the commandcurl -fsSL https://cli.inference.sh | sh. This is a highly dangerous pattern that downloads and executes code from a non-whitelisted, untrusted remote source directly in the user's shell. - Command Execution (HIGH): Throughout
SKILL.md, the skill demonstrates bash patterns where variables containing external search results (e.g.,$SEARCH_RESULT,$CONTENT,$EVIDENCE) are interpolated directly into shell commands (infsh app run ...). Because these variables contain untrusted data from the web, an attacker could use shell metacharacters (like backticks or$()) in web content to execute arbitrary commands on the local system. - Indirect Prompt Injection (LOW): The skill's primary function is to ingest untrusted web data and pass it to an LLM. * Ingestion points:
SEARCH_RESULT,TAVILY,EXA,CONTENTvariables. * Boundary markers: Minimal; uses simple labels like 'Source 1' but lacks robust delimiters or 'ignore' instructions. * Capability inventory: Access toinfshCLI, which allows network operations and further app execution. * Sanitization: None detected; search results are directly embedded into JSON prompt strings.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata