agent-tools
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The file SKILL.md and references/authentication.md instruct the execution of 'curl -fsSL https://cli.inference.sh | sh'. This 'curl-pipe-to-sh' pattern executes an unverified script from the internet. Since inference.sh is not a trusted source, this represents a critical vulnerability.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on downloading binaries and scripts from dist.inference.sh and cli.inference.sh. While some manual verification steps are suggested, the primary installation method bypasses safety checks.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the Bash tool to execute the 'infsh' command. This allows the agent to perform a wide range of tasks including running cloud-based AI apps, generating files, and potentially accessing local environment configurations.
- PROMPT_INJECTION (LOW): The skill acts as a surface for Indirect Prompt Injection. 1. Ingestion points: Data ingested from external model outputs and web searches via 'infsh app run' (documented in references/running-apps.md). 2. Boundary markers: No delimiters or instructions are used to separate untrusted data from the agent's context. 3. Capability inventory: Subprocess execution via 'Bash(infsh *)'. 4. Sanitization: No sanitization or validation of the external content is performed before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata