linkedin-content
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation explicitly instructs users to execute `curl -fsSL https://cli.inference.sh | sh`. This is a classic 'piped to shell' RCE pattern. Since 'inference.sh' is not in the Trusted External Sources list, this represents a significant risk as the remote script can be modified by the provider at any time to execute arbitrary code on the host machine.
- EXTERNAL_DOWNLOADS (HIGH): In addition to the install script, the skill uses `npx skills add inference-sh/skills@...` to pull in additional remote content. This creates an unverified chain of dependencies from an untrusted registry/repository.
- COMMAND_EXECUTION (MEDIUM): The skill is configured with `allowed-tools: Bash(infsh *)`, which grants the agent broad permissions to execute commands using the `infsh` binary. This tool is downloaded via the untrusted RCE method mentioned above, creating a compromised-tooling risk.
- INDIRECT_PROMPT_INJECTION (LOW): The skill uses `infsh app run tavily/search-assistant` to ingest search results. This is a vulnerability surface where external data could contain malicious instructions.
  - Ingestion points: `tavily/search-assistant` output.
  - Boundary markers: Absent in the example prompts.
  - Capability inventory: `infsh` can perform cross-posting to social media (`x/post-create`) and image generation.
  - Sanitization: None detected in the skill instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata