prompt-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing the CLI using curl -fsSL https://cli.inference.sh | sh. This executes a shell script hosted on the vendor's domain.
- [COMMAND_EXECUTION]: The instructions frequently execute the infsh command-line tool to interact with AI models. This tool is explicitly listed in the skill's allowed-tools configuration.
- [EXTERNAL_DOWNLOADS]: The skill fetches assets and installers from vendor-controlled subdomains, including cli.inference.sh, dist.inference.sh, and cloud.inference.sh. It also references external skill installation via npx from the vendor's repository.
- [PROMPT_INJECTION]: The skill demonstrates techniques that create an indirect prompt injection surface.
  - Ingestion points: User-provided content (e.g., [code], [article text]) is interpolated into templates for tasks like code review or summarization.
  - Boundary markers: The templates use text labels such as Code:\n[code] to separate instructions from data, which provides limited protection against adversarial input.
  - Capability inventory: The skill uses the infsh tool to send these constructed prompts to external LLMs.
  - Sanitization: There are no explicit sanitization or escaping steps provided for the data being inserted into the prompts.
Audit Metadata