product-hunt-launch
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute
infshCLI commands. These commands interact with external AI models (fal.ai) and search engines (Tavily, Exa) to generate marketing assets and perform market research. - [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the
infshCLI and additional related skills from theinference-sh/skillsrepository. These are recognized as legitimate vendor resources associated with the author 'tul-sh'. - [DATA_EXFILTRATION]: The skill ingests data from external sources via search tools (
tavily/search-assistant,exa/search). While this represents a surface for indirect prompt injection (Category 8), the risk is low as the data is used for informational research and no sensitive local files or credentials are targeted for exfiltration.
Audit Metadata