data-visualization
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill employs a piped remote execution pattern (
curl -fsSL https://cli.inference.sh | sh). This technique retrieves a script from an untrusted external domain and executes it immediately via the shell, which is a primary vector for malware installation and unauthorized access. - Command Execution (HIGH): The use of the system shell (
sh) to execute unverified external payloads bypasses execution security controls and allows for arbitrary command execution on the host machine. - External Downloads (MEDIUM): The skill attempts to download code from
https://cli.inference.sh, a domain that is not part of the trusted external sources list, posing a significant supply chain risk.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata