competitor-teardown

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends an installation procedure ('curl -fsSL https://cli.inference.sh | sh') that pipes a remote script directly to the shell. This is a high-risk pattern that allows for arbitrary code execution from an untrusted source.
  • [REMOTE_CODE_EXECUTION]: The skill includes functionality to execute dynamically generated Python code via the 'infsh/python-executor' tool. While used for data visualization in examples, this provides a mechanism for running arbitrary scripts.
  • [COMMAND_EXECUTION]: The skill is configured with 'Bash(infsh *)' permissions, allowing it to execute various commands and sub-apps via the inference.sh CLI, which increases the potential impact of any malicious input.
  • [EXTERNAL_DOWNLOADS]: The skill documentation mentions downloading binaries from 'dist.inference.sh' and verifying checksums, which involves fetching and potentially executing content from an external domain not on the trusted list.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from web search results and website content. Ingestion points: Results from 'tavily/search-assistant', 'exa/search', and 'infsh/agent-browser'. Boundary markers: None; there are no delimiters or instructions to ignore embedded commands in the processed data. Capability inventory: Execution of shell commands and Python code. Sanitization: None; external content is not validated or sanitized before being incorporated into the agent's context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 12:29 PM