ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Remote Code Execution] (HIGH): The installation instructions use `curl -fsSL https://cli.inference.sh | sh`. Executing remote code from an untrusted domain via a pipe to shell is a high-severity risk that grants the remote server the ability to execute arbitrary commands on the user's machine.
- [External Downloads] (MEDIUM): The skill utilizes `npx skills add` to fetch multiple dependencies from `inference-sh/skills`. Since this organization is not on the trusted list, it introduces a potential supply-chain vulnerability.
- [Command Execution] (MEDIUM): The tool definition `Bash(infsh *)` allows the agent to execute any subcommand of the `infsh` binary. When combined with the untrusted installation method, this represents a significant security surface.
- [Indirect Prompt Injection] (LOW): The skill ingests user-provided text to generate image prompts via the `infsh` command.
  - Ingestion points: Prompt fields in Bash examples in `SKILL.md`.
  - Boundary markers: JSON wrappers are used but the prompt content itself is unconstrained.
  - Capability inventory: Subprocess execution via Bash tool defined in frontmatter.
  - Sanitization: No visible sanitization or escaping of the prompt content before passing it to the CLI.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata