Skills
AGENT LAB: SKILLS
skills/inference-sh-3/skills/app-store-screenshots/Gen Agent Trust Hub

app-store-screenshots

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill explicitly recommends the command curl -fsSL https://cli.inference.sh | sh. Piped execution of remote scripts is a high-severity risk as the script source is not a trusted provider (e.g., official GitHub orgs listed in the security policy) and the content can be modified by the server at any time without integrity checks.
  • [EXTERNAL_DOWNLOADS] (HIGH): In addition to the CLI installer, the skill uses npx skills add to download and install multiple packages from inference-sh/skills. Since this organization is not in the trusted list, these packages are considered unverifiable dependencies.
  • [COMMAND_EXECUTION] (MEDIUM): The allowed-tools configuration permits Bash(infsh *), which allows the agent to execute any sub-command of the infsh utility. This third-party binary has significant capabilities (running remote models, managing logins) that could be abused if compromised.
  • [PROMPT_INJECTION] (LOW): The skill template provides examples where user-provided prompt strings are interpolated directly into shell command arguments (--input '{"prompt": "..."}') without boundary markers or sanitization.
  • Ingestion points: Prompt fields within the infsh command examples in SKILL.md.
  • Boundary markers: None (plain JSON string interpolation).
  • Capability inventory: Shell execution via the infsh binary.
  • Sanitization: No escaping or validation of the prompt content is present.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 03:41 AM