agent-tools
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill configuration and documentation (SKILL.md, references/authentication.md) promote installation via
curl -fsSL https://cli.inference.sh | sh. This pattern is a verified remote code execution vulnerability when used with untrusted domains, as it allows a remote server to execute arbitrary code on the user's machine. - [COMMAND_EXECUTION] (HIGH): The skill defines
allowed-tools: Bash(infsh *)in SKILL.md. This grants the AI agent broad authority to execute any subcommand of theinfshCLI, including those that manage cloud deployments, handle authentication (infsh login), and modify system configurations. - [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on binaries and scripts from
dist.inference.shand external skill sets added vianpx skills add. These sources are not within the trusted scope defined for AI agent skills, posing a significant supply chain integrity risk. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data via the
--inputflag in theinfsh app runtool (documented in SKILL.md and references/running-apps.md). No boundary markers or sanitization procedures are documented to prevent embedded instructions in input data from hijacking the agent's logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata