social-media-carousel

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a pattern where a remote script is piped directly into a shell interpreter for installation: curl -fsSL https://cli.inference.sh | sh. While the domain appears to belong to the vendor, this method of installation bypasses standard package management and constitutes blind remote code execution in an automated agent environment.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run the infsh CLI, including a bash loop for batch generating multiple carousel slides.
  • [EXTERNAL_DOWNLOADS]: The installation process fetches binary files from dist.inference.sh and verifies them against a checksum file.
  • [PROMPT_INJECTION]: The skill processes user-supplied HTML and text within the infsh app run command. This creates an indirect prompt injection surface where malicious instructions embedded in the HTML could potentially impact the image generation tool or subsequent agent steps.
  • [INGESTION_POINTS]: HTML and prompt strings inside infsh command arguments.
  • [BOUNDARY_MARKERS]: Content is placed within JSON strings in the --input flag.
  • [CAPABILITY_INVENTORY]: Access to the Bash tool and external image generation APIs via the infsh CLI.
  • [SANITIZATION]: No explicit sanitization or validation of the provided HTML or text is present in the skill instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 05:36 PM