Skills
skills/neversight/skills_feed/social-media-carousel/Gen Agent Trust Hub

social-media-carousel

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill implements a piped remote execution pattern where a script is downloaded via curl and immediately executed by the shell.\n
  • Evidence: curl -fsSL https://cli.inference.sh | sh found in SKILL.md. The source inference.sh is not a trusted repository, allowing for arbitrary, unvetted code execution on the host machine.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill attempts to install additional unverified dependencies at runtime.\n
  • Evidence: npx skills add inferencesh/skills@... commands in SKILL.md pull external code from a third-party source not listed in the trusted organizations list.\n- [COMMAND_EXECUTION] (MEDIUM): The skill requests broad shell tool permissions.\n
  • Evidence: The allowed-tools section in SKILL.md specifies Bash(infsh *), which grants the agent the ability to execute any subcommand under the infsh CLI, increasing the potential impact of a prompt injection attack.\n- [PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for indirect prompt injection.\n
  • Ingestion points: Untrusted HTML and text data are processed by the infsh app run command in SKILL.md.\n
  • Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands in the processed data.\n
  • Capability inventory: The skill utilizes the Bash(infsh *) tool to interact with remote APIs and local systems.\n
  • Sanitization: None detected; user-provided text or HTML is directly interpolated into the command-line arguments.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 01:20 AM