ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly instructs the execution of `curl -fsSL https://cli.inference.sh | sh`. This pattern allows an external server to execute arbitrary shell commands on the user's machine without prior inspection. The domain inference.sh is not among the verified trusted sources.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs a CLI binary from `dist.inference.sh`. Although the documentation claims to verify SHA-256 checksums, the bootstrap script itself is downloaded over the network and executed immediately, creating a high-risk supply chain vector.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests permission for `Bash(infsh *)`, which grants the agent the ability to execute any command through the `infsh` tool. Since the tool is installed via an untrusted remote script, the entire command chain is compromised.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill accepts user-provided prompts that are interpolated into a JSON string and passed to external AI models via `infsh app run`.
  - Ingestion points: The `--input` flag in multiple `infsh` commands.
  - Boundary markers: Prompts are wrapped in JSON objects.
  - Capability inventory: Subprocess execution via `infsh` CLI.
  - Sanitization: No visible escaping or validation of the prompt content before it is passed to the shell command.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata