logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a 'Quick Start' command (curl -fsSL https://cli.inference.sh | sh) that downloads a script from an external domain and immediately executes it in the system shell. This is a high-risk pattern as the content of the script is not inspected or verified before execution, creating a direct path for arbitrary code execution from a non-trusted source.
- [COMMAND_EXECUTION]: The skill relies on the execution of the infsh command-line tool via the Bash tool. This tool is used to interact with remote AI models and manage login sessions, granting the skill control over local command execution to perform its primary functions.
- [EXTERNAL_DOWNLOADS]: The installation process fetches binary files from dist.inference.sh based on the user's operating system and architecture. While the skill claims these are verified with SHA-256 checksums, the entire process is initiated by the unverified remote script mentioned above.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata