prompt-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill references an installation script at https://cli.inference.sh that is executed via a pipe to sh. This resource belongs to the vendor's infrastructure and is part of the standard setup for the infsh tool.
  • [PROMPT_INJECTION]: The skill's workflow for running AI models creates a surface for indirect prompt injection (Category 8).
  • Ingestion points: User-defined prompt data is passed to the infsh app run command via the --input argument in SKILL.md.
  • Boundary markers: No delimiters or instructions are present to isolate the prompt content from the tool command structure.
  • Capability inventory: The skill is authorized to use the Bash tool to execute infsh commands.
  • Sanitization: No sanitization or escaping of the prompt strings is performed before they are processed by the tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 25, 2026, 05:35 PM