press-release-writing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The SKILL.md file contains the instruction 'curl -fsSL https://cli.inference.sh | sh'. This is a high-risk untrusted remote code execution pattern that allows a remote server to execute arbitrary commands on the host machine.
- [COMMAND_EXECUTION] (HIGH): The skill is configured with 'allowed-tools: Bash(infsh *)', granting the agent broad permission to execute any subcommand within the infsh CLI environment, which significantly increases the blast radius of a potential compromise.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection. * Ingestion points: Fetches external content via 'tavily/search-assistant' and 'exa/search' (SKILL.md). * Boundary markers: None present. * Capability inventory: Access to the powerful 'infsh' CLI tool. * Sanitization: None implemented; external search data is directly incorporated into the agent's writing task.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references 'npx skills add inferencesh/skills@web-search', which involves downloading code from the 'inferencesh' repository, a source not listed in the Trusted External Sources.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata