Skills
skills/1nfsh-s3/skills/background-removal/Gen Agent Trust Hub

background-removal

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs the agent/user to run curl -fsSL https://cli.inference.sh | sh. This is a dangerous execution pattern that runs an unverified remote script from a non-whitelisted source.
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The documentation recommends npx skills add inference-sh/skills, which executes code from an untrusted third-party npm organization.
  • Command Execution (MEDIUM): The skill requests permission to execute Bash(infsh *). This capability depends on the security of the third-party infsh binary installed via the insecure shell pipe.
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect injection through user-controlled image URLs. 1. Ingestion points: image_url parameters in JSON inputs. 2. Boundary markers: Absent. 3. Capability inventory: Bash execution via infsh. 4. Sanitization: None detected.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 08:07 PM