content-repurposing
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly commands the execution of `curl -fsSL https://cli.inference.sh | sh` in its Quick Start guide. This is a critical vulnerability that downloads and executes an unverified script from an untrusted remote server directly into the system shell.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain:
  1. Ingestion points: Processes 'Long-form Source' content (blogs, podcasts) via `SKILL.md` instructions.
  2. Boundary markers: Absent; source content is directly interpolated into tool inputs.
  3. Capability inventory: Possesses external write/execute capabilities including posting to social media via `infsh app run x/post-create`.
  4. Sanitization: Absent. An attacker-controlled source piece could inject instructions to post unauthorized content or exfiltrate data.
- [COMMAND_EXECUTION] (HIGH): The skill relies on the `infsh` CLI to execute arbitrary remote 'apps' with dynamic JSON inputs. This allows for significant side effects based on untrusted external data.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill promotes the installation of additional skills using `npx skills add inferencesh/skills@...`. As these are hosted on an untrusted domain, they represent a supply chain risk.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata