newsletter-curation
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides the command curl -fsSL https://cli.inference.sh | sh, which downloads and executes a script from a remote URL. This pattern allows for arbitrary code execution and is highly discouraged because the script content is not verified before it runs.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading content and tools from https://cli.inference.sh and https://dist.inference.sh, which are not recognized as trusted sources.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run the infsh CLI and its associated applications, such as tavily/search-assistant and exa/search. These tools make external network connections to retrieve data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection based on the following evidence:
  - Ingestion points: Data from search assistants (tavily/search-assistant, exa/search) is ingested into the agent context (file: SKILL.md).
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the external data.
  - Capability inventory: The agent can execute commands via the infsh tool using the Bash capability.
  - Sanitization: There is no validation or sanitization of content retrieved from the web before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata