agent-tools
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute an installation script directly from https://cli.inference.sh using a pipe-to-shell pattern.
- [EXTERNAL_DOWNLOADS]: The skill fetches platform-specific binaries, manifest files, and SHA-256 checksums from dist.inference.sh for manual installation and updates.
- [COMMAND_EXECUTION]: The skill relies on the infsh CLI tool to perform operations such as running AI apps, authenticating users, and managing task states. Access is scoped to the infsh command via the allowed-tools configuration.
- [INDIRECT_PROMPT_INJECTION]: The skill accepts external data as input for AI models, which could potentially contain malicious instructions.
  - Ingestion points: Data provided via the --input flag in infsh app run commands, either as JSON strings or file paths.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when passing data to the CLI.
  - Capability inventory: Shell execution of the infsh tool for processing AI tasks.
  - Sanitization: Input data is passed directly to the CLI tool without explicit sanitization or validation within the skill instructions.
Audit Metadata