youtube-thumbnail-design
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the user to execute curl -fsSL https://cli.inference.sh | sh in the 'Quick Start' section of SKILL.md. This pattern downloads and runs a script from the internet directly in the shell without any verification, integrity checks, or digital signatures. Since inference.sh is not in the list of trusted external sources, this is a critical security risk.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on tools and scripts hosted at https://cli.inference.sh and https://inference.sh. Because these domains are untrusted, the skill is vulnerable to supply chain attacks where the remote content could be replaced with malicious code.
- COMMAND_EXECUTION (MEDIUM): The skill requests permission for Bash(infsh *), which allows the agent to execute shell commands using the infsh utility. This provides a high-privilege capability that could be abused if the tool itself is malicious or if the agent is manipulated.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it interpolates user-provided prompts directly into shell commands.
  1. Ingestion points: Prompt values passed to infsh app run in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Arbitrary tool execution via Bash.
  4. Sanitization: No sanitization or escaping is performed on the prompt input.
- UNVERIFIABLE_DEPENDENCIES (MEDIUM): The skill documentation recommends adding further skills via npx skills add inferencesh/skills. These dependencies come from an untrusted registry and organization, increasing the attack surface.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata