infsh-cli
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation describes an installation method that executes a remote script via `curl -fsSL https://cli.inference.sh | sh`. This script is hosted on the vendor's own domain and is used to install the platform's CLI tool.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute `infsh` commands. It also provides instructions for generating shell completions that involve writing to system paths such as `/etc/bash_completion.d/`.
- [EXTERNAL_DOWNLOADS]: The installation process downloads binary executables and manifest files from the vendor's distribution infrastructure at `dist.inference.sh`.
- [DATA_EXFILTRATION]: The CLI tool supports a feature where local file paths provided in input JSON fields are automatically read and uploaded to the vendor's cloud platform for processing by AI models.
- [CREDENTIALS_UNSAFE]: The documentation includes guidance on using the `INFSH_API_KEY` environment variable for authentication, which is a standard practice for CLI tools in non-interactive environments.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes input JSON that can contain local file paths. There are no explicit boundary markers or sanitization steps mentioned for these inputs, which could potentially be manipulated to access or upload unintended local files.
Audit Metadata