og-image-design
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to install the required 'infsh' CLI by downloading and executing a shell script from 'https://cli.inference.sh'. This is a vendor-owned resource used for establishing the necessary environment.
- [EXTERNAL_DOWNLOADS]: The skill fetches binaries from 'dist.inference.sh' during the installation process and references additional external skills from the 'inference-sh/skills' repository.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing 'infsh' CLI commands to run remote cloud applications for rendering HTML to images and performing searches.
- [PROMPT_INJECTION]: The skill incorporates user-provided text (such as blog titles and subtitles) into HTML code snippets that are subsequently processed by remote rendering tools. This creates a surface for indirect prompt injection.
- Ingestion points: User content is interpolated into the 'html' payload parameter of 'infsh app run' commands in 'SKILL.md'.
- Boundary markers: There are no explicit markers or safety instructions used to isolate the user-provided text from the surrounding HTML template.
- Capability inventory: The skill is authorized to execute the 'infsh' command-line tool as specified in the 'SKILL.md' configuration.
- Sanitization: No sanitization or escaping of the user-provided strings is implemented before they are embedded into the rendering templates.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata