ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that download and execute a shell script from the vendor's domain.
  • Evidence: curl -fsSL https://cli.inference.sh | sh in SKILL.md.
  • Context: This is a common pattern for installing CLI tools and originates from the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run the infsh CLI for model inference.
  • Evidence: allowed-tools: Bash(infsh *) and multiple examples such as infsh app run falai/flux-dev-lora.
  • [DATA_EXFILTRATION]: Prompt data and image URLs provided by the user are sent to the inference.sh platform and third-party model providers (Google, xAI, Bytedance, etc.) for processing.
  • Evidence: Model IDs such as google/gemini-3-pro-image-preview and xai/grok-imagine-image used in CLI commands.
  • [PROMPT_INJECTION]: The skill processes user-supplied text prompts which are interpolated into CLI commands, creating a surface for indirect prompt injection.
  • Ingestion points: The --input JSON parameter in SKILL.md.
  • Boundary markers: Commands use JSON formatting to structure the input data.
  • Capability inventory: Shell command execution via the infsh binary.
  • Sanitization: No explicit sanitization or filtering is performed on the prompt text within the skill body.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 01:02 AM