Skills
skills/inference-sh-8/skills/image-upscaling/Gen Agent Trust Hub

image-upscaling

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill directs the execution of a remote shell script via curl -fsSL https://cli.inference.sh | sh to install the infsh CLI tool. This piped execution pattern is a security risk because it executes unverified remote code directly in the host environment.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run the infsh utility and npx commands, allowing for the execution of arbitrary application logic and the dynamic addition of further skill modules.
  • [EXTERNAL_DOWNLOADS]: External resources, including installation scripts and binaries, are fetched from subdomains of inference.sh. The skill also uses npx to download and execute packages from the npm registry.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 27, 2026, 02:31 PM