Skills
skills/pedronauck/skills/pitch-deck-visuals/Gen Agent Trust Hub

pitch-deck-visuals

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool using the pattern curl -fsSL https://cli.inference.sh | sh. This method downloads and executes code from a remote server without any verification or integrity checks, posing a significant risk if the source domain is compromised.
  • [EXTERNAL_DOWNLOADS]: The skill fetches additional capabilities from an external repository using the npx skills add command, targeting packages like inferencesh/skills@competitor-teardown.
  • [COMMAND_EXECUTION]: The skill makes heavy use of the infsh command-line interface to perform actions and executes dynamic Python snippets via a python-executor tool to render charts and other visual assets.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 01:53 AM