product-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to download and execute a shell script from https://cli.inference.sh to install the infsh CLI. This script is a vendor-provided resource necessary for the skill's primary functionality.
- [REMOTE_CODE_EXECUTION]: The documentation references npx skills add commands, which fetch and execute packages from a remote registry. These packages are part of the vendor's own ecosystem of tools.
- [COMMAND_EXECUTION]: The skill uses the infsh command to run various cloud-based applications (such as falai/flux-dev-lora and infsh/agent-browser) to generate images and screenshots. The tool access is restricted by the frontmatter configuration.
- [EXTERNAL_DOWNLOADS]: The skill references https://dist.inference.sh for manual binary installation and the verification of SHA-256 checksums, which are hosted on the vendor's distribution servers.
- [PROMPT_INJECTION]: The skill features a potential surface for indirect prompt injection by facilitating the retrieval of external web content via the agent-browser tool.
  - Ingestion points: URL parameters passed to the infsh/agent-browser application in the visual generation section.
  - Boundary markers: Absent; there are no defined delimiters to isolate or ignore instructions embedded in the external web pages being browsed.
  - Capability inventory: Execution of the infsh CLI for shell-based tasks, remote package installation via npx, and network-dependent image generation.
  - Sanitization: Not identified; the skill does not provide mechanisms for validating or sanitizing the content retrieved from external URLs before processing.
Audit Metadata