data-visualization

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill promotes an insecure installation method in SKILL.md: curl -fsSL https://cli.inference.sh | sh. This executes a remote shell script from an untrusted source with local user privileges, which is a major security risk.
  • [COMMAND_EXECUTION]: The skill relies on the infsh CLI to execute arbitrary code. Examples in SKILL.md show infsh app run infsh/python-executor and infsh app run infsh/html-to-image, which execute dynamically generated Python and HTML/JavaScript code respectively.
  • [EXTERNAL_DOWNLOADS]: The skill downloads external components from cli.inference.sh and dist.inference.sh, and additional skills via npx skills add. These sources are not recognized as trusted or well-known.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection (Category 8).
      • Ingestion points: Data processed for charts via the infsh command inputs in SKILL.md.
      • Boundary markers: No delimiters or warnings to ignore embedded instructions are present.
      • Capability inventory: The skill allows execution of Python and HTML/JavaScript through the infsh tool.
      • Sanitization: No input validation or sanitization is performed on the data before it is passed to the execution environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 4, 2026, 12:29 PM