newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The file 'SKILL.md' contains a 'Quick Start' command: 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes a remote script directly from an untrusted domain without verification, which is a major security risk.
- [COMMAND_EXECUTION] (HIGH): The skill defines 'allowed-tools: Bash(infsh *)', permitting the agent to run any subcommand of the 'infsh' tool. This provides a significant capability for an attacker to exploit if they can influence the agent's logic.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection through external data ingestion. 1. Ingestion points: Search results from 'tavily/search-assistant' and 'exa/search' are used to curate content. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill can post to social media via 'x/post-create' and manipulate files. 4. Sanitization: No evidence of sanitization or validation of the search results is provided.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references external resources and related skills from 'inferencesh/skills', which are not within the trusted source scope defined for this analysis.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata