infsh-cli
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary installation method involves piping a remote shell script directly to the command line (
curl -fsSL https://cli.inference.sh | sh), which permits the execution of arbitrary remote code on the host system. - [COMMAND_EXECUTION]: Documentation for shell completions provides commands that write to system-wide directories such as
/etc/bash_completion.d/, representing a modification of system environment configuration that may require elevated privileges. - [DATA_EXFILTRATION]: The CLI is configured to automatically detect local file paths provided as input parameters and upload the referenced files to the inference.sh cloud infrastructure for processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata