image-upscaling
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation instructs the user/agent to execute a piped shell script from an untrusted external source.
- Evidence:
curl -fsSL https://cli.inference.sh | shin SKILL.md. This pattern allows the remote server to execute any command on the host system without verification. - COMMAND_EXECUTION (MEDIUM): The skill requests broad permission to execute any subcommand of the
infshtool. - Evidence:
allowed-tools: Bash(infsh *). While restricted to one binary, the lack of subcommand filtering combined with the insecure installation method increases the attack surface. - EXTERNAL_DOWNLOADS (LOW): The skill references and encourages the addition of other external skills via
npxfrom a third-party source. - Evidence:
npx skills add inference-sh/skills@...in the 'Related Skills' section.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata