flux-image
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the agent to execute
curl -fsSL https://cli.inference.sh | sh. This pattern allows unverified remote code to be executed directly in the shell, bypassing standard security reviews and package management safety. - [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads executable content from
cli.inference.sh, which is not on the list of trusted external sources. - [COMMAND_EXECUTION] (MEDIUM): The skill configures
allowed-tools: Bash(infsh *), granting the agent broad authority to execute any subcommand of the potentially maliciousinfshtool. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection. 1. Ingestion points: untrusted data enters via 'prompt' and 'image_url' inputs. 2. Boundary markers: Absent. 3. Capability inventory: subprocess execution via
infsh. 4. Sanitization: No sanitization of input strings is performed before they are passed to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata