book-cover-design

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill instructs the user/agent to execute curl -fsSL https://cli.inference.sh | sh. This is a high-risk piped remote execution pattern. The source domain inference.sh is not a trusted external source (e.g., GitHub/Vercel/OpenAI), meaning the contents of the script are unverified and can be changed by the owner at any time to execute malicious code.
  • Dynamic Execution (MEDIUM): The skill uses npx skills add to fetch and execute remote skills from inference-sh/skills. This introduces external dependencies from an untrusted source that could perform unverified operations at runtime.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection due to its processing of untrusted data.
      • Ingestion points: User input is interpolated directly into infsh app run prompts (SKILL.md).
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the prompt strings.
      • Capability inventory: The skill utilizes the Bash tool to execute shell commands (SKILL.md).
      • Sanitization: Absent; the prompts are passed to the CLI tool without escaping or validation, potentially allowing for shell argument injection if the agent is coerced.
  • Data Exposure & Exfiltration (LOW): The skill initiates network operations via curl and the infsh CLI to a non-whitelisted domain (inference.sh). While consistent with the stated purpose of image generation, it establishes a communication channel with an untrustworthy external endpoint.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 08:04 PM