logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The command `curl -fsSL https://cli.inference.sh | sh` is used to install the required CLI. This pattern downloads and immediately executes code from a remote server that is not on the trusted provider list, representing a classic RCE vector.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill promotes the use of `npx skills add inference-sh/skills@...`, which installs additional code from an external, untrusted source into the agent's workspace.
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it interpolates user-provided text into shell commands without sanitization.
  - Ingestion points: User prompts for image generation in `infsh app run`.
  - Boundary markers: None present in the provided shell command examples.
  - Capability inventory: Full access to the `infsh` tool via `Bash`.
  - Sanitization: No escaping or validation of user input is described or implemented.
- COMMAND_EXECUTION (LOW): The skill utilizes `Bash(infsh *)`, granting the agent the ability to execute shell commands. This capability, combined with the lack of input sanitization, creates a risk for command injection if malicious prompts are processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata