flux-image

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute an installation script directly from the web using curl -fsSL https://cli.inference.sh | sh. This is the vendor's official method for deploying the infsh utility.
  • [COMMAND_EXECUTION]: Uses the Bash tool to run the infsh CLI for model execution, authentication (infsh login), and application management.
  • [EXTERNAL_DOWNLOADS]: Fetches software binaries and integrity checksums from dist.inference.sh during the installation process. It also suggests adding additional skills via npx skills add from the vendor's repository.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by interpolating user-provided prompts into JSON objects passed to the shell.
      • Ingestion points: User prompts in SKILL.md (e.g., the --input flag).
      • Boundary markers: None present in the command templates to isolate user-provided text from the JSON structure.
      • Capability inventory: Full access to the infsh tool via Bash permissions.
      • Sanitization: No explicit sanitization or schema validation of the input prompt is performed within the skill instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 25, 2026, 01:02 AM