ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill explicitly recommends running `curl -fsSL https://cli.inference.sh | sh`. This is a highly dangerous pattern that fetches and executes code from a remote server without verification. An attacker compromising this domain could achieve full system takeover.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on binaries and scripts hosted at `inference.sh`, which is not a verified or trusted source according to the [TRUST-SCOPE-RULE]. There is no checksum or version pinning provided to ensure the integrity of the downloaded CLI.
- COMMAND_EXECUTION (MEDIUM): The skill requests permission to run any `infsh` command via the Bash tool. Given that the tool itself is installed via an insecure method, all subsequent tool calls inherit the risk of the initial compromise.
- DATA_EXPOSURE (LOW): The `infsh login` command implies the handling of sensitive API credentials or tokens. While expected for the service, these credentials would be accessible to the untrusted CLI downloaded in the previous step.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata