email-design
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several external dependencies from the vendor's repository (inference-sh/skills) to be installed via
npx. These are vendor-owned resources. - [COMMAND_EXECUTION]: The skill uses the
infshCLI to perform login and execute specific applications. This behavior is documented and aligns with the skill's purpose of generating email assets. - [REMOTE_CODE_EXECUTION]: Remote applications are invoked via
infsh app runto process HTML or prompts into images. This includes vendor-owned tools (infsh/html-to-image) and recognized third-party AI services (falai/flux-dev-lora). - [SAFE]: No malicious patterns, prompt injections, data exfiltration attempts, or obfuscation techniques were detected. The usage of the Bash tool is restricted to the vendor's CLI.
Audit Metadata