Skills
skills/inf-sh/skills/app-store-screenshots/Gen Agent Trust Hub

app-store-screenshots

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill contains a piped shell command: curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it fetches a script from the internet and executes it immediately with the user's permissions, providing no opportunity for audit or integrity verification.
  • EXTERNAL_DOWNLOADS (HIGH): The skill references an external domain inference.sh which is not on the list of trusted GitHub organizations or repositories. Any content retrieved from this source is considered untrusted.
  • COMMAND_EXECUTION (MEDIUM): The skill requests access to the Bash tool specifically to run the infsh command and the installation script. While required for the skill's stated purpose, it facilitates the critical RCE finding.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes untrusted input strings through the prompt and input fields in several infsh tool calls (e.g., in SKILL.md).
  • Ingestion points: prompt field in JSON objects passed to infsh app run.
  • Boundary markers: Absent. Inputs are interpolated directly into shell command arguments.
  • Capability inventory: Access to Bash tool, network access via infsh.
  • Sanitization: None detected in the static instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 01:52 AM