qwen-image
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions include a command to download and execute an installation script from the vendor's official domain at https://cli.inference.sh. This is used to set up the infsh CLI tool required for the skill's operation.
- [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool through the Bash tool to perform image generation tasks. Commands such as infsh app run are used to send prompts and configuration data to the models.
- [DATA_EXFILTRATION]: The skill documentation mentions the infsh login command for authentication purposes. The analysis did not find any hardcoded secrets or evidence of sensitive local file access.
Audit Metadata