book-cover-design
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command
curl -fsSL https://cli.inference.sh | sh. This 'curl-pipe-to-shell' pattern fetches and executes a remote script with the user's local privileges, which is a significant security risk as the script's contents are not inspected before execution. - [EXTERNAL_DOWNLOADS]: The skill relies on external resources from
inference.shanddist.inference.shfor its core functionality. Additionally, it references external skill packages vianpx skills add, which introduces unverified third-party dependencies from the npm registry. - [COMMAND_EXECUTION]: The skill is configured to use the
Bashtool to run theinfshcommand-line utility. This grants the agent the ability to execute commands within the scope of that tool, which could be exploited if the tool itself contains vulnerabilities.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata