
agent-tools

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions for the required CLI tool involve fetching a remote script and piping it directly to the shell (curl -fsSL https://cli.inference.sh | sh). This is a high-risk execution pattern, although it originates from the vendor's official domain.
  • [COMMAND_EXECUTION]: The skill's configuration explicitly allows the agent to execute any infsh command via the Bash tool (allowed-tools: Bash(infsh *)), providing broad control over the CLI's capabilities.
  • [DATA_EXFILTRATION]: The CLI is designed to automatically upload local files to the vendor's cloud infrastructure when a file path is provided in the input (e.g., infsh app run ... --input '{"image": "/path/to/photo.jpg"}'). This creates a surface for potential exposure of sensitive local data if misused by an agent.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted inputs (files and prompts) and has the capability to perform actions with side effects, such as posting to social media.
      • Ingestion points: Local file paths and JSON input strings provided to the infsh app run command as described in SKILL.md and references/running-apps.md.
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent regarding instructions that might be embedded in processed files.
      • Capability inventory: Cloud-based AI app execution, network access to the vendor's API, local file reading, and integration with third-party services like Twitter/X.
      • Sanitization: Absent. The skill does not define any validation or sanitization for the inputs passed to the CLI.
  • [CREDENTIALS_UNSAFE]: The documentation references the infsh login command for local authentication and the use of the INFSH_API_KEY environment variable, which are sensitive credentials used to access the platform.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 09:53 PM