ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation guide in SKILL.md uses the command `curl -fsSL https://cli.inference.sh | sh`. This pattern is high-risk because it executes a remote script directly in the shell without any verification or oversight, allowing the source to run arbitrary code on the host machine.
- [EXTERNAL_DOWNLOADS]: The 'Related Skills' section suggests adding multiple external skills via `npx skills add inference-sh/skills@...`. This fetches and executes code from unverified third-party repositories on the npm registry, which could lead to supply chain attacks.
- [COMMAND_EXECUTION]: The skill explicitly allows the use of the `Bash(infsh *)` tool. Since the `infsh` binary is installed via an unverified remote script, the agent is granted the capability to execute commands from a potentially compromised or malicious source.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8).
  - Ingestion points: The `--input` flag in `infsh app run` (SKILL.md) accepts JSON objects containing user-controlled prompt strings.
  - Boundary markers: There are no delimiters or specific instructions provided to the agent to treat the input as data rather than potential commands.
  - Capability inventory: The skill allows command execution via `Bash(infsh *)`.
  - Sanitization: The instructions do not include any steps to sanitize or escape the user input before it is passed to the CLI.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata