agent-tools

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions and documentation provide commands to install a CLI using 'curl -fsSL https://cli.inference.sh | sh', which executes a remote script directly in the system shell without prior inspection. Additionally, it provides instructions to write shell completion scripts to system directories such as '/etc/bash_completion.d/infsh', which serves as a persistence mechanism.
  • [EXTERNAL_DOWNLOADS]: Binary files, checksums, and manifests are downloaded from 'dist.inference.sh' during the installation and update processes.
  • [COMMAND_EXECUTION]: The skill grants the agent permission to execute any subcommand of 'infsh' via 'allowed-tools: Bash(infsh *)', providing broad capability to run cloud-based AI apps, manage tasks, and deploy new applications.
  • [DATA_EXFILTRATION]: The skill handles sensitive authentication credentials through the 'infsh login' command and the 'INFSH_API_KEY' environment variable, which could be exposed or misused.
  • [PROMPT_INJECTION]: The skill acts as an interface for over 150 third-party AI applications and search tools, making it a surface for indirect prompt injection.
      • Ingestion points: Results and outputs from 'infsh app run' (SKILL.md, running-apps.md).
      • Boundary markers: Absent.
      • Capability inventory: Broad execution of cloud apps and system commands via 'infsh'.
      • Sanitization: No sanitization or validation of external tool output is documented.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 08:32 AM