background-removal
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill documentation suggests installing the inference.sh CLI by piping a remote script directly into the shell:
curl -fsSL https://cli.inference.sh | sh. This is a high-risk pattern that executes unverified code from a non-whitelisted domain in the user environment. - Command Execution (MEDIUM): The skill requests permission for the
Bash(infsh *)tool, allowing the agent to execute any sub-command of theinfshutility. This provides the agent with broad capabilities to interact with external APIs and systems. - External Downloads (LOW): The skill references the addition of related skills via
npx, which involves downloading and executing packages from the npm registry at runtime. - Indirect Prompt Injection (LOW): The skill processes user-controlled data such as image URLs and prompt strings which are interpolated into shell commands. Evidence: 1. Ingestion points:
image_urlandpromptparameters in SKILL.md examples. 2. Boundary markers: Absent. 3. Capability inventory:Bash(infsh *)commands in SKILL.md. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata