infsh-cli

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install its core CLI tool by piping a remote shell script directly into a shell environment.
    • Evidence: curl -fsSL https://cli.inference.sh | sh (found in SKILL.md, references/authentication.md, and references/cli-reference.md).
    • Context: The source domain is owned by the author 'inference-sh-8'.
  • [DATA_EXFILTRATION]: The infsh tool is designed to automatically upload local files when paths are provided in input arguments, creating a potential path for sensitive data exposure.
    • Evidence: 'The CLI automatically uploads local files when you provide a path instead of a URL' (found in SKILL.md and references/running-apps.md).
    • Risk: Malicious prompts could trick the agent into specifying sensitive file paths (e.g., ~/.ssh/id_rsa) as input, causing them to be uploaded to the cloud platform.
  • [PROMPT_INJECTION]: The skill serves as an interface for processing external data through third-party AI models without explicit boundary markers, presenting an indirect prompt injection surface.
    • Ingestion points: Untrusted prompt data enters the execution context via the --input argument in infsh app run commands (found in SKILL.md).
    • Boundary markers: Absent; user input is interpolated directly into command-line arguments.
    • Capability inventory: The skill uses Bash(infsh *) to interact with numerous applications, including tools for web search and social media automation.
    • Sanitization: No evidence of validation or sanitization of external content before it is passed to the CLI.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 27, 2026, 02:31 PM