product-photography
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs users to install the CLI tool using 'curl -fsSL https://cli.inference.sh | sh'. This method fetches a script from a remote server and executes it directly in the shell, posing a risk if the vendor's delivery infrastructure is compromised.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading binary executables from 'dist.inference.sh' and additional skill modules via 'npx' from the 'inference-sh' GitHub organization. These external dependencies are required for core functionality but originate from outside the agent's local environment.
- [COMMAND_EXECUTION]: The skill requires the 'Bash(infsh *)' tool to run image generation tasks. The use of shell commands to execute tasks based on user-supplied strings (prompts) creates a surface for command injection if inputs are not properly escaped.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: User-provided text is interpolated into JSON strings within shell commands (e.g., 'infsh app run').
  - Boundary markers: The input is enclosed in single-quoted JSON objects, but the skill lacks instructions to the agent regarding the untrusted nature of the content.
  - Capability inventory: The agent has access to the 'Bash' tool, which could be exploited if shell breakouts occur through crafted prompts.
  - Sanitization: There is no evidence of sanitization or validation logic to ensure that special characters in prompts do not interfere with shell command structure.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata