Skills
skills/1nfsh-s3/skills/app-store-screenshots/Gen Agent Trust Hub

app-store-screenshots

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The installation instructions for this skill include 'curl -fsSL https://cli.inference.sh | sh', which executes a remote script directly in the shell. This is a critical vulnerability allowing for arbitrary code execution from a third-party server.
  • EXTERNAL_DOWNLOADS (HIGH): The skill fetches binaries from 'dist.inference.sh', a domain that is not included in the list of trusted organizations or repositories.
  • COMMAND_EXECUTION (MEDIUM): The skill uses the Bash tool to execute the 'infsh' CLI, which could be compromised via the untrusted installation process.
  • PROMPT_INJECTION (LOW): Surface for indirect prompt injection exists in the image/video generation tasks. Evidence: 1. Ingestion points: Prompts in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: infsh tool execution via Bash. 4. Sanitization: None.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 07:36 PM