Skills
skills/inference-sh/skills/image-upscaling/Gen Agent Trust Hub

image-upscaling

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh command-line tool to run remote image processing applications (e.g., Real-ESRGAN, Topaz). These executions are restricted to the inference.sh ecosystem and are required for the skill's core functionality.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted external data in the form of image URLs.
  • Ingestion points: The image_url parameter used in infsh app run commands within SKILL.md.
  • Boundary markers: Absent; the URL is passed directly as part of a JSON input string.
  • Capability inventory: The skill has the capability to execute bash commands via the infsh tool as defined in the allowed-tools metadata.
  • Sanitization: No specific sanitization or validation of the URL or the image content is performed within the skill definition, relying instead on the remote application's internal safeguards.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 04:33 AM