agent-tools

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation process for the CLI tool utilizes curl -fsSL https://cli.inference.sh | sh. This pattern is highly risky as it executes remote code directly in the shell environment without manual verification.
  • [COMMAND_EXECUTION]: The skill requires permission to execute Bash(infsh *), which allows the agent to run any command supported by the infsh utility. This provides the agent with significant capabilities, including running third-party AI models, deploying new apps, and performing social media actions like x/post-tweet.
  • [EXTERNAL_DOWNLOADS]: The CLI installer and update processes fetch binaries and configuration files from dist.inference.sh and other external sources.
  • [CREDENTIALS_UNSAFE]: The skill facilitates the use of authentication secrets, specifically mentioning INFSH_API_KEY and the infsh login command. If an agent with shell access is compromised or tricked via prompt injection, these credentials could be exposed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from untrusted external sources (e.g., via tavily/search-assistant and exa/search).
  • Ingestion points: Data from external search results enters the agent's context through the output of infsh app run commands.
  • Boundary markers: There are no explicit markers or instructions within the provided documentation to differentiate between tool output and instructions.
  • Capability inventory: The agent can use the infsh tool to perform public actions like posting to Twitter or modifying local files.
  • Sanitization: The documentation does not specify any sanitization or validation of data retrieved from external AI apps before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 25, 2026, 05:35 PM