agent-tools

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions promote the installation of the CLI via 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes remote code directly in the user's shell environment without integrity verification or human review, presenting a significant security risk. Manual installation steps also use complex command chains to dynamically download binaries, which can obscure the final download target.
  • [COMMAND_EXECUTION]: The skill requests broad 'Bash' execution rights for the 'infsh' tool. This allows the agent to perform a wide range of actions, including authentication, application deployment, and task management.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides an interface for running AI apps with user-supplied inputs, creating a surface for indirect attacks. Ingestion points: input.json files and inline JSON strings in SKILL.md and references/running-apps.md. Boundary markers: None present. Capability inventory: Bash tool execution and network access via the CLI. Sanitization: No evidence of validation or sanitization of external content before processing.
  • [PRIVILEGE_ESCALATION]: Setup instructions for shell completions in references/cli-reference.md recommend writing to '/etc/bash_completion.d/', which requires root permissions and can be used for persistence or lateral movement if the CLI tool is compromised.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 13, 2026, 04:08 AM