The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's installation instructions in SKILL.md and references/authentication.md direct the user to execute curl -fsSL https://cli.inference.sh | sh. This pattern downloads and executes a script from a remote server directly in the user's shell, which is a significant security risk if the remote source is compromised.- [COMMAND_EXECUTION]: The skill requests permission for Bash(infsh *), which grants the agent broad access to the vendor's CLI tool. This tool has capabilities for network operations, local file writes (via --save flags), and configuration management.- [COMMAND_EXECUTION]: Documentation in references/cli-reference.md includes commands to write shell completion scripts to protected system directories like /etc/bash_completion.d/. This activity typically requires elevated privileges and modifies system-wide configuration files.- [PROMPT_INJECTION]: The skill facilitates the use of external LLMs and search tools (e.g., infsh app run openrouter/claude-sonnet-45). This introduces a surface for indirect prompt injection where malicious instructions in processed data could influence the agent's behavior.
Ingestion points: SKILL.md, references/running-apps.md (via --input parameter in infsh app run).
Boundary markers: None present in prompt templates.
Capability inventory: The infsh CLI enables network communication, file system interaction, and automation of third-party platforms like Twitter.
Sanitization: No sanitization or validation of the input prompt is described in the skill documentation.

agent-tools