og-image-design

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's documentation includes a command to install a CLI tool by piping a remote script to a shell: curl -fsSL https://cli.inference.sh | sh. This pattern allows for arbitrary code execution from a remote source.
  • [EXTERNAL_DOWNLOADS]: As part of its setup and functionality, the skill downloads a binary from dist.inference.sh and references external packages via npx from the inference-sh organization on the npm registry.
  • [COMMAND_EXECUTION]: The skill is configured to use the infsh tool via the Bash environment (authorized via allowed-tools: Bash(infsh *)) to execute various remote applications for image generation and search functions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Evidence Chain: 1) Ingestion Point: User-provided text (titles, subtitles) is interpolated into HTML strings in SKILL.md. 2) Boundary Markers: Absent (no delimiters or 'ignore' instructions). 3) Capability Inventory: Uses infsh to execute the html-to-image application. 4) Sanitization: Absent (no HTML escaping or input validation is performed).
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 8, 2026, 02:51 AM