flux-image
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to install the vendor's CLI by piping a script from
https://cli.inference.shdirectly to a shell interpreter. This is the vendor's primary installation method but involves executing code from a remote source. - [COMMAND_EXECUTION]: The skill requests broad permission to execute any bash command starting with
infsh, which is the CLI for the inference.sh platform. - [EXTERNAL_DOWNLOADS]: During installation, the skill fetches system-specific binaries and SHA-256 checksums from
dist.inference.sh. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it handles external data. * Ingestion points: The skill processes user-supplied text prompts and remote image URLs through the
infsh app runcommand. * Boundary markers: No delimiters or specific safety instructions are used to separate untrusted data from the command structure. * Capability inventory: The agent is authorized to executeinfshCLI commands which interact with remote AI model APIs. * Sanitization: There is no evidence of input validation, escaping, or filtering for the data being passed to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata