image-upscaling
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation provides a command `curl -fsSL https://cli.inference.sh | sh` which downloads and executes a script from an untrusted external domain. This is a high-risk pattern that can lead to full system compromise.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on a non-standard CLI tool and third-party models/apps hosted at inference.sh, which is not a verified or trusted source according to the security policy.
- COMMAND_EXECUTION (MEDIUM): The skill explicitly allows the `Bash(infsh *)` tool, granting the agent the ability to execute any sub-command of the unverified `infsh` CLI, which interacts with remote infrastructure.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data in the form of external image URLs and processes JSON output from tools.
  - Ingestion points: The `--input` flag accepts user-provided or externally sourced image URLs (e.g., `https://your-image.jpg`).
  - Boundary markers: Absent. There are no delimiters or warnings to ignore instructions embedded in the metadata of processed images or tool outputs.
  - Capability inventory: The skill can execute shell commands via `infsh` and write output to local files (e.g., `> image.json`).
  - Sanitization: None detected. External input is passed directly to the CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata