press-release-writing
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that use the `curl -fsSL https://cli.inference.sh | sh` pattern. This method downloads and executes a script directly from a remote server in the user's shell environment without prior inspection or verification.
- [EXTERNAL_DOWNLOADS]: Setup and operation of the skill involve downloading binaries from `dist.inference.sh`. These external resources are required for the tool's core functionality but are retrieved from a non-standard domain.
- [COMMAND_EXECUTION]: The skill is configured with `allowed-tools: Bash(infsh *)`, which permits the agent to execute shell commands. This capability is used to interact with the `infsh` CLI for authentication and running search applications.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, as it ingests untrusted data from the live web via the `tavily/search-assistant` and `exa/search` tools.
  - Ingestion points: Data enters the context through research commands in `SKILL.md` using the `infsh` tool.
  - Boundary markers: No clear delimiters or warnings are used to instruct the agent to ignore instructions embedded within the retrieved search results.
  - Capability inventory: The skill possesses the `Bash` capability to execute CLI commands and interact with external APIs.
  - Sanitization: There is no evidence of sanitization or filtering of the content returned from external search providers before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats.
Audit Metadata