qwen-image-pro
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the author's official domain at cli.inference.sh. This is documented as a vendor-provided resource for installing the necessary CLI.- [REMOTE_CODE_EXECUTION]: The installation process executes a script from a remote server (https://cli.inference.sh) by piping it directly to the shell. This follows the vendor's standard installation procedure for their tools.- [COMMAND_EXECUTION]: The skill requires the Bash(infsh *) capability to run image generation commands through the inference.sh CLI.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: The skill accepts user-supplied text in the prompt field. 2. Boundary markers: No delimiters are used to separate user input from system instructions. 3. Capability inventory: The skill uses the Bash tool to execute commands based on these inputs. 4. Sanitization: There is no evidence of input validation or sanitization to prevent the agent from obeying instructions embedded within the prompt data.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata