flux-image
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill instructs the execution of curl -fsSL https://cli.inference.sh | sh. This is a critical security risk as it pipes a remote script directly into a shell interpreter without prior verification. An attacker who compromises the source domain could achieve full system compromise.
- External Downloads (MEDIUM): The skill relies on an external binary (infsh) downloaded from dist.inference.sh. This source is not included in the list of trusted external organizations, and the binary exists outside of standard, audited package registries like PyPI or NPM.
- Command Execution (MEDIUM): The skill is granted broad access to the infsh command via Bash(infsh *). While scoped to a specific binary, the lack of input sanitization and the nature of the tool (which interacts with remote APIs and manages logins) increase the attack surface.
- Indirect Prompt Injection (LOW):
  - Ingestion points: User-provided prompt and image_url values are interpolated into infsh command arguments.
  - Boundary markers: Absent. The skill uses raw JSON strings within shell commands to pass user input.
  - Capability inventory: The skill can execute the infsh tool, which performs network operations and likely handles authentication tokens (infsh login).
  - Sanitization: No sanitization or escaping of the user-provided prompt is performed before it is passed to the shell command, allowing for potential command argument injection if the agent is not careful.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata