Skills
AGENT LAB: SKILLS
skills/inference-sh-4/skills/flux-image/Gen Agent Trust Hub

flux-image

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation instructs users to execute a remote script using curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it grants the remote server full control to execute arbitrary commands on the local machine without prior inspection.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on external binaries and scripts downloaded from inference.sh, which is not a verified or trusted source according to security guidelines.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires access to the Bash tool to run the infsh command, which is a powerful capability that could be misused if the underlying tool is compromised.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 12:23 AM