pitch-deck-visuals
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions promote the use of
curl -fsSL https://cli.inference.sh | shfor installation. This 'pipe to shell' pattern allows an external server to execute arbitrary code on the host system without verification, which is a major security risk for AI agents executing automated tasks. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to runinfshCLI commands, includinginfsh loginandinfsh app run. This enables the execution of system-level operations and interaction with remote infrastructure. - [EXTERNAL_DOWNLOADS]: The skill fetches and executes applications from
inference.shandfal.ai(e.g.,infsh/html-to-image,infsh/python-executor,falai/flux-dev-lora). These are external, non-whitelisted sources that execute logic outside the agent's direct control. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture: 1. Ingestion points: Data provided for pitch deck slides is interpolated into HTML and Python templates used by the
infshtool. 2. Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the interpolated data. 3. Capability inventory: The skill uses theBash(infsh *)tool to execute remote apps and code. 4. Sanitization: There is no evidence of input validation or escaping before data is processed by the execution tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata