product-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
infshCLI to execute various tasks, including image generation (using models like Flux) and screenshot capture via a browser agent. This relies on the vendor's command-line infrastructure. - [EXTERNAL_DOWNLOADS]: The documentation references installing additional skill dependencies via the
npx skills addcommand, targeting the vendor's repository (inference-sh/skills). - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it can be directed to use the
infsh/agent-browsertool to visit external URLs for screenshots. Ingestion points: External URLs processed by theinfsh/agent-browsertool (SKILL.md). Boundary markers: The skill does not provide explicit markers or instructions to the agent to ignore potentially malicious content embedded in the web pages it visits. Capability inventory: The skill can execute shell commands through the CLI, interact with a web browser, and trigger various image processing applications (SKILL.md). Sanitization: There is no evidence of sanitization or content validation for data retrieved from external URLs before it is processed by the agent.
Audit Metadata