ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill contains the command `curl -fsSL https://cli.inference.sh | sh`. This is a classic 'pipe-to-shell' vulnerability where an external script is executed immediately upon download. The source `inference.sh` is not a recognized trusted repository or organization.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on an external binary downloaded from `dist.inference.sh`. Although the documentation claims SHA-256 verification, the installation logic itself is untrusted and could be modified at the source.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it interpolates user-provided text directly into JSON payloads for shell commands.
  - Ingestion points: User-provided prompts in `SKILL.md` example commands.
  - Boundary markers: Absent; uses simple single/double quote wrapping which can be escaped.
  - Capability inventory: Capability to execute shell commands via `Bash(infsh *)` and interact with external APIs.
  - Sanitization: None detected; user input is passed directly to the `infsh` tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata