AGENT LAB: SKILLS

background-removal

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Finding categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The installation instructions promote the command 'curl -fsSL https://cli.inference.sh | sh'. This pipes whatever the server returns straight into the system shell: the script is never written to disk for inspection, no checksum or signature is verified, '-s' hides the transfer output and '-L' follows redirects, so the code can even be served from a host other than the one the user typed. Anyone who controls, compromises or impersonates that endpoint can run arbitrary code with the installing user's privileges, bypassing every security inspection.
  • [External Downloads] (HIGH): The skill relies on the 'infsh' CLI and external apps from the 'inference.sh' platform. Neither the domain nor the organization is listed as a trusted source, creating a high risk of supply chain attack or execution of malicious third-party code.
  • [Command Execution] (MEDIUM): The skill requests 'Bash(infsh *)' tool permissions. This wildcard grant allows the agent to run any 'infsh' subcommand with any arguments, not only the 'infsh app run' invocations the skill documents, and could be exploited to perform unauthorized operations if the CLI has administrative or network capabilities.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data via the 'image_url' and 'prompt' fields in the 'infsh app run' commands. Evidence: 1. Ingestion: image_url/prompt in infsh calls (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: Bash execution via infsh tool; 4. Sanitization: None detected in the skill definition.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • Automated analysis flagged serious security threats; review the findings above before installing this skill.
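As an added example (not code from the Gen Agent Trust Hub page or from inference.sh), the shell script below implements the checks a reviewer would apply to the findings above: a scan of SKILL.md text for the pipe-to-shell install and the whole-CLI wildcard grant, and a digest-checked download that replaces 'curl ... | sh' with save, verify, read, then run. The SKILL.md fragment, the function names and the pinned SHA-256 are constructed for illustration; the digest for a real installer has to come from a channel separate from the download server, otherwise verifying it proves nothing.

```shell
#!/bin/sh
# Added example: reviewer-side checks for the two patterns flagged in the audit
# (pipe-to-shell install, wildcard Bash grant) plus a digest-checked replacement
# for 'curl ... | sh'. Not code from Gen Agent Trust Hub or inference.sh; the
# SKILL.md fragment and the pinned digest below are constructed.

# Return 0 if the text contains a curl/wget download piped straight into a shell.
has_pipe_to_shell() {
    printf '%s\n' "$1" |
        grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([^[:alnum:]]|$)'
}

# Return 0 if a tool grant puts a wildcard over a whole executable, e.g. Bash(infsh *).
# A grant that names a subcommand first, e.g. Bash(infsh app run *), is not matched.
has_wildcard_bash_grant() {
    printf '%s\n' "$1" | grep -Eq 'Bash\([[:alnum:]_./-]+[[:space:]]+\*\)'
}

# Scan a SKILL.md body, print one line per finding, return 1 if anything was found.
scan_skill_text() {
    found=0
    if has_pipe_to_shell "$1"; then
        echo "FINDING: install command pipes remote code into a shell with no inspection or integrity check"
        found=1
    fi
    if has_wildcard_bash_grant "$1"; then
        echo "FINDING: wildcard Bash grant covers every subcommand of the CLI, not only the ones the skill uses"
        found=1
    fi
    return $found
}

# SHA-256 of a file with whichever tool the host has (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file's SHA-256 equals the pinned digest (hex, case-insensitive).
verify_installer() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Replacement for 'curl -fsSL <url> | sh': save to a file, verify against a digest obtained
# out of band, then leave the file for the operator to read before running it.
# Not called below because it needs network access.
fetch_and_verify() {
    url=$1; expected=$2
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        rm -f "$tmp"; return 1
    fi
    if ! verify_installer "$tmp" "$expected"; then
        echo "digest mismatch for $url; installer removed, not executed" >&2
        rm -f "$tmp"; return 1
    fi
    echo "verified installer saved at $tmp; read it before running: sh $tmp"
}

# Constructed SKILL.md fragment modelled on the audit findings.
SAMPLE_SKILL_MD='Install the CLI: curl -fsSL https://cli.inference.sh | sh
allowed-tools: Bash(infsh *)'

scan_skill_text "$SAMPLE_SKILL_MD" || echo "verdict: do not install without review"
```

Run against the constructed fragment it prints both findings and the verdict line; a fragment whose grant is narrowed to 'Bash(infsh app run *)' and whose install step saves the script to disk passes the scan, which is the shape the skill would need before the wildcard and pipe-to-shell findings could be closed.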
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 03:41 AM