prompt-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS REMOTE_CODE_EXECUTION COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the official Inference.sh CLI tool and associated assets from the vendor's domains (cli.inference.sh, dist.inference.sh, and cloud.inference.sh).
- [REMOTE_CODE_EXECUTION]: The documentation provides an installation one-liner `curl -fsSL https://cli.inference.sh | sh`. This pattern executes a remote script directly in the shell to set up the vendor's environment.
- [COMMAND_EXECUTION]: The skill includes many examples of executing the `infsh` command to interact with AI models. The execution environment is restricted to this specific tool through the skill configuration.
- [DATA_EXFILTRATION]: Usage of the provided examples involves sending user-supplied content and prompts to the Inference.sh platform for processing by various AI models.
- [PROMPT_INJECTION]: The skill documents techniques for processing external data (e.g., code snippets, articles) which introduces a surface for indirect prompt injection.
  1. Ingestion points: Data is interpolated into shell command arguments within examples in SKILL.md.
  2. Boundary markers: Examples do not implement explicit delimiters to separate instructions from processed data.
  3. Capability inventory: The skill utilizes shell command execution (infsh) and network communication.
  4. Sanitization: No validation or sanitization of the interpolated input text is present in the provided templates.
Audit Metadata