ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a 'Quick Start' instruction to run
curl -fsSL https://cli.inference.sh | sh. This is a classic RCE pattern that executes unverified code from an untrusted domain directly on the host system. - [COMMAND_EXECUTION] (HIGH): The skill configuration explicitly allows
Bash(infsh *). Because this tool is installed via an untrusted script, any subsequent use of the tool represents a significant execution risk if the installer or the source domain is compromised. - [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on software and scripts hosted at
inference.sh, which is not on the list of Trusted External Sources. This introduces an unverified supply chain dependency. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: The skill takes arbitrary user prompts and interpolates them into bash commands (
infsh app run ... --input). 2. Boundary markers: No delimiters or ignore instructions are present in the command templates. 3. Capability inventory: The skill has permission to execute shell commands. 4. Sanitization: There is no evidence of shell escaping or prompt sanitization for the generated commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata