book-cover-design
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains the command `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly dangerous as it downloads and executes a script from the internet without any integrity checks or human review.
- External Downloads (MEDIUM): The skill uses `npx skills add` to fetch external logic from `inference-sh/skills`, which is not a trusted source according to the established security parameters.
- Command Execution (HIGH): The skill is granted `Bash(infsh *)` permissions to run commands through a CLI that is installed via an unverified remote script.
- Indirect Prompt Injection (LOW): The skill takes untrusted user input and interpolates it into bash command arguments for image generation, creating a surface for indirect prompt injection.
  * Ingestion points: User-defined prompts for image generation in SKILL.md.
  * Boundary markers: Absent.
  * Capability inventory: Access to the `Bash(infsh *)` tool.
  * Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats