infsh-cli
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation process promotes using `curl -fsSL https://cli.inference.sh | sh`. This pattern downloads and executes a remote script in a single step, which is a major security risk because the source script can be maliciously altered.
- [DATA_EXFILTRATION]: The `infsh` tool is designed to automatically upload local files to the inference.sh cloud when paths are provided in input parameters. This allows for the exfiltration of sensitive system files (e.g., SSH keys, credentials, or environment variables) if the agent is directed to access them.
- [COMMAND_EXECUTION]: The skill configuration enables the agent to execute any `infsh` command via the Bash tool, granting it the power to authenticate, run remote applications, and manage task results locally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Untrusted data enters the context through `infsh app run` inputs (ingestion points). There are no boundary markers or sanitization processes (sanitization absent) to prevent malicious instructions. The agent has significant capabilities (capability inventory) including file uploads and subprocess execution, which could be abused to send local secrets to the vendor's platform.
- [COMMAND_EXECUTION]: The documentation suggests writing shell completion scripts to `/etc/bash_completion.d/`, which is a privileged system configuration directory. Modifications to such paths can be used to alter system behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata