prompt-engineering
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains the command 'curl -fsSL https://cli.inference.sh | sh' which downloads and executes a script directly in the shell. This pattern is a critical security risk as it allows for arbitrary code execution from a source not recognized as a trusted vendor.
- [EXTERNAL_DOWNLOADS]: The skill references multiple external domains including 'cli.inference.sh', 'dist.inference.sh', and 'cloud.inference.sh' to fetch binaries and configuration files. None of these domains are included in the trusted vendors list or recognized as well-known technology services.
- [COMMAND_EXECUTION]: The skill requests permission to use the 'Bash' tool with the 'infsh' command. Since 'infsh' is installed via an unverified remote script, any subsequent execution of this tool constitutes a high-risk command execution vulnerability.
- [PROMPT_INJECTION]: The skill provides various prompt templates that ingest untrusted data without security controls.
  - Ingestion points: Prompt templates for article summarization and sentiment analysis.
  - Boundary markers: Absent; no delimiters are used to separate user data from instructions.
  - Capability inventory: The agent has access to 'Bash' for executing CLI tools.
  - Sanitization: Absent; user input is interpolated directly into the prompt strings.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata