ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command that fetches a shell script from the vendor's domain and pipes it straight to the shell, so whatever that endpoint serves at install time runs with the installing user's privileges and nothing is inspected or verified first.
      • Evidence: curl -fsSL https://cli.inference.sh | sh
      • Context: This is the official installation method for the inference-sh-9 vendor's CLI.
  • [EXTERNAL_DOWNLOADS]: The installation script downloads binary executables from vendor-controlled infrastructure.
      • Evidence: Fetches binaries from dist.inference.sh, selected by OS and architecture.
  • [COMMAND_EXECUTION]: The skill requires permission to execute the vendor's binary via the Bash tool.
      • Evidence: allowed-tools: Bash(infsh *) permits every infsh subcommand, which covers the image-generation and authentication commands the skill needs and any other command the binary exposes.
  • [PROMPT_INJECTION]: The skill forwards user-provided text prompts to remote AI models without local processing; this is its prompt-injection surface (direct, or indirect when the agent sources the prompt text from untrusted content).
      • Ingestion points: User prompts are embedded in the --input JSON string for various model runs (e.g., falai/flux-dev-lora).
      • Boundary markers: None present in the command templates to delimit user input from instructions.
      • Capability inventory: The skill has permission to execute the infsh binary and perform network requests through the vendor's API.
      • Sanitization: No sanitization or validation of the prompt content is performed locally before it is sent to the remote model.
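Two of the findings above can be hardened on the caller's side without changing the skill: the curl-to-sh install (fetch to disk, check a digest, then run) and the embedding of prompts in the --input JSON (serialize the prompt as a JSON value and pass argv without a shell, so quotes in the prompt cannot alter the JSON structure or the command line). The Python below is an added example written for this page, not inference.sh's code. It assumes a pinned installer digest that you record yourself after reading the script, and an `infsh run <model> --input <json>` invocation shape, which the audit does not spell out; the hostile sample prompt is constructed.

```python
# Added example: a hardened caller for the two operations the audit flags.
# Not inference.sh's code. Assumptions: the pinned digest below (record your
# own after reading the script), and the `infsh run <model> --input <json>`
# argument shape, which the audit does not spell out.
import hashlib
import hmac
import json
import subprocess
import sys
import tempfile
import urllib.request
from pathlib import Path
from typing import Optional

INSTALLER_URL = "https://cli.inference.sh"  # URL quoted in the audit's evidence line
# Assumption: SHA-256 you recorded after reviewing install.sh by hand (trust on
# first use). The all-zero placeholder guarantees the unpinned default refuses to run.
PINNED_SHA256 = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def script_matches_pin(data: bytes, pinned: str) -> bool:
    """True only if the script's digest equals the pin (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), pinned.strip().lower())


def fetch_and_run_installer(url: str = INSTALLER_URL, pinned: str = PINNED_SHA256) -> int:
    """Replacement for `curl -fsSL URL | sh`: download to memory, verify against the
    pin, write to disk, then run. An unverified script never reaches sh."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        data = resp.read()
    if not script_matches_pin(data, pinned):
        print(f"installer digest {sha256_hex(data)} does not match pin; not running",
              file=sys.stderr)
        return 1
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp, "install.sh")
        script.write_bytes(data)
        return subprocess.run(["sh", str(script)], check=False).returncode


def build_infsh_argv(model: str, prompt: str, extra: Optional[dict] = None) -> list:
    """Argv for one model run. json.dumps keeps quotes, backslashes and newlines in
    the prompt inside the JSON string value; handing a list to subprocess (no shell)
    keeps them out of the command line as well."""
    payload = {"prompt": prompt}
    payload.update(extra or {})
    return ["infsh", "run", model, "--input", json.dumps(payload)]


def input_payload(argv: list) -> dict:
    """What infsh would parse from the --input argument built by build_infsh_argv."""
    return json.loads(argv[argv.index("--input") + 1])


def naive_input_payload(prompt: str) -> dict:
    """What a string-interpolated template produces: the prompt is spliced into
    '{"prompt": "<prompt>"}' with no boundary, so a prompt containing `", "` adds
    keys of its own. Shown for contrast only."""
    return json.loads('{"prompt": "%s"}' % prompt)


def run_model(model: str, prompt: str) -> subprocess.CompletedProcess:
    """Usage: the prompt is untrusted input and travels as a single argv element."""
    return subprocess.run(build_infsh_argv(model, prompt), capture_output=True, text=True)


if __name__ == "__main__":
    hostile = 'a red fox", "steps": 9999, "model_override": "'  # constructed sample prompt
    print(naive_input_payload(hostile))  # keys: prompt, steps, model_override
    print(input_payload(build_infsh_argv("falai/flux-dev-lora", hostile)))  # key: prompt only
```

The digest check only tells you the script is the one you reviewed; it says nothing about what the script then downloads from dist.inference.sh, so the same pin-and-verify step belongs around the fetched binaries if the vendor publishes checksums for them.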
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 05:35 PM