press-release-writing
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'infsh' CLI tool and 'npx' to execute commands for research, account login, and managing skill extensions.\n- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and code from 'raw.githubusercontent.com/inference-sh' and uses 'npx' to download packages from the 'inference-sh' scope. These sources do not match the identified author's ('skillssh') known infrastructure patterns.\n- [REMOTE_CODE_EXECUTION]: The use of 'npx skills add' involves downloading and executing code from a remote repository to extend the agent's capabilities with new tools.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its research features. \n
- Ingestion points: User-provided research queries processed by the 'infsh' tool (SKILL.md).\n
- Boundary markers: Queries are encapsulated in JSON but lack instructions for the agent to ignore embedded commands.\n
- Capability inventory: The skill can execute shell commands via 'infsh' and Bash.\n
- Sanitization: There is no evidence of input validation or escaping for user-supplied data before it is passed to external tools.
Audit Metadata