competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The command 'curl -fsSL https://cli.inference.sh | sh' was detected. This pattern executes remote code without validation. * Evidence: Automated scan confirmed detection of this pattern. * Risk: Allows an attacker to run arbitrary commands on the host machine.
- External Downloads (HIGH): The skill attempts to download and execute code from 'https://cli.inference.sh', which is not on the trusted sources list.
- Indirect Prompt Injection (LOW): As a 'Competitor Teardown' tool, the skill likely ingests untrusted data from external competitor sources. * Ingestion point: External competitor data via analyzed files or web content. * Boundary markers: Absent. * Capability: Command execution via shell. * Sanitization: None detected.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata