ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill uses the highly dangerous pattern curl -fsSL https://cli.inference.sh | sh to install its dependencies. This lets an external server execute arbitrary code on the local system without any verification of what is fetched. Additionally, the skill uses npx skills add, which downloads and executes packages from the npm registry, further increasing the remote code execution risk.
- EXTERNAL_DOWNLOADS (HIGH): The skill downloads and executes code from inference.sh and the npm registry, neither of which is in the trusted sources list. This poses a significant supply chain risk.
- COMMAND_EXECUTION (HIGH): The skill performs shell command execution using the Bash tool. It interpolates user-provided prompts into JSON strings passed as arguments to the infsh binary, creating a high risk of command injection if the user provides input that breaks the JSON or shell syntax.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because user-provided inputs used in tool calls are not sanitized.
  - Ingestion points: the prompt field within the --input argument of infsh commands in SKILL.md.
  - Boundary markers: none present to delimit user input or to warn the agent about embedded instructions.
  - Capability inventory: file system access and network operations via the infsh binary and the Bash shell.
  - Sanitization: no sanitization or validation of the input prompt is performed before it is interpolated into the shell command.
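The COMMAND_EXECUTION finding above is easiest to see by running the vulnerable construction next to a hardened one. The following is an added example, not code from the skill or from the audit: it assumes the invocation shape infsh --input '{"prompt": "..."}' described in the finding, and replaces the real infsh binary with a shell function that prints the argv it received, so the effect of each prompt on the command line can be observed offline. naive_command() reproduces the audited pattern (raw prompt spliced into a JSON literal inside a single-quoted shell argument); safe_command() builds the same command with json.dumps for the JSON layer and shlex.join for the shell layer.

```python
import json
import shlex
import subprocess
from typing import List, Optional

# Constructed inputs for the demonstration. INJECTED_PROMPT closes the JSON
# string and the single-quoted shell argument, then appends its own command.
BENIGN_PROMPT = "a red ceramic mug on a white background"
QUOTED_PROMPT = 'a "limited edition" mug'
INJECTED_PROMPT = "'; echo INJECTED; echo '"


def naive_command(user_prompt: str) -> str:
    """The audited pattern: the raw prompt is spliced into a JSON literal that
    sits inside a single-quoted shell argument. No JSON or shell escaping."""
    return "infsh --input '{\"prompt\": \"" + user_prompt + "\"}'"


def safe_command(user_prompt: str) -> str:
    """Hardened form: json.dumps escapes the prompt for JSON and shlex.join
    quotes every argv element for the shell, so the prompt can neither become
    shell syntax nor break the JSON structure."""
    payload = json.dumps({"prompt": user_prompt})
    return shlex.join(["infsh", "--input", payload])


def run_via_shell(command: str) -> List[str]:
    """Execute command under sh, as an agent's Bash tool would. infsh is a
    stand-in shell function (assumption: not the real binary) that prints one
    argv element per line, so we see exactly what the binary would receive."""
    script = "infsh() { printf '%s\\n' \"$@\"; }; " + command
    proc = subprocess.run(["sh", "-c", script], capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def received_prompt(command: str) -> Optional[str]:
    """Return the prompt infsh would parse from its --input JSON, or None if
    the argv shape or the JSON was corrupted by the user input."""
    argv = run_via_shell(command)
    if len(argv) != 2 or argv[0] != "--input":
        return None
    try:
        return json.loads(argv[1]).get("prompt")
    except (ValueError, AttributeError):
        return None


if __name__ == "__main__":
    for label, prompt in [("benign", BENIGN_PROMPT), ("quoted", QUOTED_PROMPT), ("injected", INJECTED_PROMPT)]:
        print(label, "naive ->", received_prompt(naive_command(prompt)))
        print(label, "safe  ->", received_prompt(safe_command(prompt)))
    print("argv seen by infsh for the naive injected case:", run_via_shell(naive_command(INJECTED_PROMPT)))
```

With the naive construction a prompt containing a double quote already corrupts the JSON, and the injected prompt causes the shell to run echo INJECTED as a separate command before infsh ever sees the rest. With json.dumps plus shlex.join every prompt, including the injected one, arrives at infsh as a single JSON argument that parses back to the original text. If the agent's Bash tool can pass an argv list instead of a string, dropping the shell entirely (subprocess.run without shell=True) removes the second layer of quoting as well.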
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
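The review that the recommendation above asks for starts with never piping the installer into sh. As an added example, not part of the audit or the skill, the following fetches an installer to disk, checks it against a SHA-256 digest obtained out of band, and leaves execution as a separate, deliberate step. The file:// URL and the installer script inside demo() are constructed stand-ins for https://cli.inference.sh; whether inference.sh publishes a digest to pin against is not something this page establishes, and without one the download can only be reviewed by hand.

```python
import hashlib
import tempfile
import urllib.request
from pathlib import Path


def fetch_verified(url: str, expected_sha256: str, timeout: float = 30.0) -> bytes:
    """Download url and return its bytes only if they hash to expected_sha256.

    The digest must come from a source the installer server does not control
    (signed release notes, a value pinned in your own repository). Nothing is
    executed here; the caller saves the script, reads it, and runs it later.
    """
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        data = resp.read()
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256.lower():
        raise ValueError(f"digest mismatch for {url}: expected {expected_sha256}, got {actual}")
    return data


def save_for_review(url: str, expected_sha256: str, dest: Path) -> Path:
    """Write the verified script to dest, owner read/write only, for inspection."""
    data = fetch_verified(url, expected_sha256)
    dest.write_bytes(data)
    dest.chmod(0o600)
    return dest


def demo() -> dict:
    """Offline run against a constructed installer served from a file:// URL
    (assumption: stands in for the real https endpoint)."""
    with tempfile.TemporaryDirectory() as tmp:
        script = b"#!/bin/sh\necho 'pretend to install infsh'\n"  # constructed content
        src = Path(tmp) / "install.sh"
        src.write_bytes(script)
        url = src.as_uri()
        good = hashlib.sha256(script).hexdigest()
        bad = "0" * 64  # a pinned value that does not match the served bytes

        saved = save_for_review(url, good, Path(tmp) / "reviewed.sh")
        matched = saved.read_bytes() == script
        try:
            fetch_verified(url, bad)
            rejected = False
        except ValueError:
            rejected = True
    return {"matched": matched, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The same check applies to npx skills add: pin the package version and verify the integrity value recorded in the lockfile rather than resolving whatever the registry serves at install time.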
Audit Metadata