AGENT LAB: SKILLS

ai-image-generation

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a direct instruction to execute a remote script via `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly dangerous as it grants an unverified remote source the ability to execute code directly in the user's shell environment.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the installation of software and dependencies from inference.sh, which is not an authorized or trusted repository according to the established safety guidelines.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requests permission to use `Bash(infsh *)`, which enables the agent to execute any sub-command provided by the installed CLI, creating a broad attack surface for system interaction.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it interpolates user-provided strings into shell commands without sanitization.
    • Ingestion points: The `--input` JSON prompt field in SKILL.md examples.
    • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the input data.
    • Capability inventory: The `Bash(infsh *)` tool allows local process execution.
    • Sanitization: No input validation or escaping of the user-provided prompt is performed before command construction.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 10:59 PM