infsh-cli

Fail

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill promotes an installation pattern in SKILL.md and references/authentication.md that pipes remote content directly into a shell (curl -fsSL https://cli.inference.sh | sh). This allows for the execution of unverified code from the network on the user's host system.
  • [DATA_EXFILTRATION]: The CLI tool features automatic local file uploads as described in the 'Local File Uploads' section of SKILL.md. When an agent provides a file path instead of a URL in the JSON input for the infsh app run command, the tool automatically reads and uploads that file to the vendor's cloud infrastructure. This capability presents a high risk of accidental or malicious exfiltration of sensitive files like ~/.ssh/id_rsa or .env if the agent is misdirected.
  • [COMMAND_EXECUTION]: The skill grants the agent permission to execute the infsh binary with arbitrary arguments using the Bash(infsh *) tool. This broad access allows the agent to perform complex operations including running remote AI tasks, managing deployments, and interacting with local files, which could be abused if the agent's instructions are compromised.
  • [EXTERNAL_DOWNLOADS]: The manual installation instructions involve downloading binaries and checksums from dist.inference.sh. While the skill includes instructions for SHA-256 verification, the process still involves fetching and executing opaque binaries from an external source.
  • [REMOTE_CODE_EXECUTION]: The CLI reference documentation suggests setting up shell completions by writing to system directories such as /etc/bash_completion.d/. This practice, while standard for many tools, involves executing commands that modify shell initialization, which can be used to establish persistence or execute code on shell startup.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 2, 2026, 09:05 PM