web-search
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command
curl -fsSL https://cli.inference.sh | shwhich downloads and executes a script from a remote server without verification. This is a high-risk pattern that allows a third-party server to execute arbitrary code on the user's system. - [COMMAND_EXECUTION]: The skill requires the
Bashtool with a wildcard permission for theinfshcommand. This grants the agent significant power to execute system-level commands, which could be abused if the agent is compromised or misled by external input. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to how it handles web content extraction.
- Ingestion points: The skill uses
tavily/extractandexa/extractapps to fetch text and data from external URLs. - Boundary markers: There are no boundary markers or instructions to treat the extracted web content as untrusted data.
- Capability inventory: The agent has access to the host system via the
Bashtool and theinfshCLI. - Sanitization: The skill lacks any mechanism for sanitizing or filtering the content retrieved from the web before it is passed to the language model for analysis.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata