twitter-automation
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Quick Start section of the SKILL.md file instructs users to execute `curl -fsSL https://cli.inference.sh | sh`, which downloads and executes a script from a remote URL directly in the shell without verification.
- [COMMAND_EXECUTION]: The skill's `allowed-tools` header specifies `Bash(infsh *)`, which grants the AI agent the capability to run any subcommand of the `infsh` CLI.
- [EXTERNAL_DOWNLOADS]: The installation documentation indicates that binary files are downloaded from `dist.inference.sh`, an external domain.
- [COMMAND_EXECUTION]: The skill features an indirect prompt injection surface.
  1. Ingestion points: the agent ingests data from external files such as `image.json` and `video.json` produced by tool outputs in the provided workflows.
  2. Boundary markers: no delimiters or warnings are used to separate untrusted content from commands.
  3. Capability inventory: the agent has `Bash(infsh *)` tool access across its scripts.
  4. Sanitization: there is no evidence of validation, escaping, or filtering for the external data before it is interpolated into shell command arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata