book-cover-design
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution detected. The command `curl -fsSL https://cli.inference.sh | sh` in `SKILL.md` downloads and immediately executes a shell script from a source not on the trusted list. This bypasses verification and allows for full system compromise.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable remote dependencies. The skill suggests adding further skills via `npx skills add inference-sh/skills@...`, which fetches and executes code from a non-standard repository without integrity checks.
- [COMMAND_EXECUTION] (HIGH): Execution of arbitrary bash commands. The skill requires `allowed-tools: Bash(infsh *)`, which grants the agent broad power to interact with the system and network via a third-party CLI tool.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface. The skill templates interpolate user-provided text directly into shell commands for the `infsh` CLI.
  - Ingestion points: User-provided genre or scene descriptions used in image generation prompts.
  - Boundary markers: Absent; no delimiters are used to separate user data from command structure.
  - Capability inventory: The agent can execute bash commands through the `infsh` tool, including `app run`, which sends data to external APIs.
  - Sanitization: Absent; there is no evidence of input validation or escaping for the JSON payload passed to the CLI.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata