logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the infsh CLI by downloading a script from cli.inference.sh and piping it directly to the shell.
- [EXTERNAL_DOWNLOADS]: Fetches binary files and verification checksums from dist.inference.sh for the installation process.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run the infsh command, enabling image generation, upscaling, and login workflows.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates user-supplied text descriptions into prompts for image generation models.
- Ingestion points: User input enters the agent context through the prompt parameter of the infsh app run command.
- Boundary markers: Prompt strings are structured within JSON payloads, but there are no specific markers to prevent instruction execution.
- Capability inventory: The skill uses the Bash tool to interact with the infsh CLI, which performs network requests and local file processing.
- Sanitization: No input validation or sanitization is performed on the user-provided prompt strings.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata