email-design
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to run 'curl -fsSL https://cli.inference.sh | sh', which downloads and executes a remote shell script without prior verification or sandboxing.
- [EXTERNAL_DOWNLOADS]: The installation process fetches binary assets from 'dist.inference.sh' and utilizes 'npx' to install additional components, involving unverified remote downloads.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'infsh' command-line tool to perform tasks like user authentication and application execution through the host shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata