character-design-sheet
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command
curl -fsSL https://cli.inference.sh | sh. This pattern downloads a shell script from a remote URL and executes it immediately in the terminal, posing a risk of arbitrary code execution if the source server is compromised.\n- [EXTERNAL_DOWNLOADS]: The skill references the download of binaries fromdist.inference.shand provides links to checksum verification files (dist.inference.sh/cli/checksums.txt) for the CLI installation process.\n- [COMMAND_EXECUTION]: The skill utilizes theinfshCLI tool via Bash to execute various image generation models (e.g.,falai/flux-dev-lora) and utility apps (e.g.,infsh/stitch-images) with JSON-formatted inputs.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata