flux-image

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation explicitly recommends installation using curl -fsSL https://cli.inference.sh | sh. Executing unverified remote scripts is a major security risk, and the domain inference.sh is not on the list of trusted external sources.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on binaries and scripts downloaded from a non-whitelisted third-party domain, introducing a dependency on unvetted external infrastructure.
  • [COMMAND_EXECUTION] (MEDIUM): The skill defines Bash(infsh *) as an allowed tool, granting the agent permission to execute any command through the infsh CLI, which could be exploited if the CLI tool or the remote script used to install it is compromised.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 03:41 AM