infsh-cli
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends an installation method in which a script is fetched from the author's domain (https://cli.inference.sh) and piped straight into a shell, so the script runs before it can be inspected or checked against a published checksum.
- [EXTERNAL_DOWNLOADS]: Alternative installation instructions involve downloading manifest files, checksums, and binaries from the author's infrastructure (dist.inference.sh).
- [DATA_EXFILTRATION]: The tool supports a feature that automatically uploads local media files (images, audio, video) to the vendor's cloud servers when file paths are provided as command-line arguments.
- [CREDENTIALS_UNSAFE]: The skill provides guidance on authenticating via the CLI and on setting the INFSH_API_KEY environment variable to hold the session token; an environment variable is visible to every process in that session and can leak through shell history or process listings.
- [COMMAND_EXECUTION]: Core functionality involves executing the infsh binary with various subcommands to perform tasks like running AI models and managing jobs.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it passes user-controllable text to remote AI models.
  - Ingestion points: Prompt fields in JSON inputs within SKILL.md and references/running-apps.md.
  - Boundary markers: None present to distinguish instructions from data.
  - Capability inventory: Access to the infsh command-line tool via shell execution.
  - Sanitization: No explicit sanitization or validation of input prompts is documented.
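The REMOTE_CODE_EXECUTION and EXTERNAL_DOWNLOADS findings above both come down to the same practitioner question: how to install from the vendor's artifacts without executing unverified bytes. The script below is an added example written for this audit, not code from the infsh-cli skill or from inference.sh. It assumes nothing about the real manifest on dist.inference.sh, which this audit did not inspect; it expects the common `sha256sum` format ("<hex>  <filename>") and reads it from a local file, and the installer and checksum file it verifies are constructed inline so the example runs offline.

```shell
#!/bin/sh
# Added example (not the skill's or vendor's code): download-to-file,
# verify, then execute, as a replacement for `curl ... | sh`.
# ASSUMPTION: checksum file uses sha256sum's "<hex>  <filename>" lines
# (a leading "*" for binary mode is tolerated). Real file names on
# dist.inference.sh are unknown here, so the demo constructs its own.
set -eu

# Portable SHA-256 digest: sha256sum on GNU userland, shasum on BSD/macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE CHECKSUM_FILE
# Succeeds only when FILE's digest equals the entry for its basename in
# CHECKSUM_FILE. Fails closed when no entry exists.
verify_installer() {
  file="$1"
  sums="$2"
  name=$(basename "$file")
  expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name" >&2
    return 1
  fi
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name: expected $expected, got $actual" >&2
    return 1
  fi
  return 0
}

# install_from_file FILE CHECKSUM_FILE
# The safe ordering: verification first, execution only on success.
# In real use FILE and CHECKSUM_FILE would each be fetched to disk first
# (e.g. with curl -fsSLo), never piped into sh.
install_from_file() {
  verify_installer "$1" "$2" || return 1
  sh "$1"
}

# Constructed demo artifacts (not real vendor files): a tiny installer with a
# matching checksum line, and a tampered script that must be rejected.
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$demo_dir/install.sh"
printf '%s  install.sh\n' "$(sha256_of "$demo_dir/install.sh")" > "$demo_dir/SHA256SUMS"
printf '%s\n' '#!/bin/sh' 'echo "tampered"' > "$demo_dir/tampered.sh"

# Good artifact: verifies and runs.
install_from_file "$demo_dir/install.sh" "$demo_dir/SHA256SUMS"

# Tampered artifact: no checksum entry under its name, so it never executes.
if verify_installer "$demo_dir/tampered.sh" "$demo_dir/SHA256SUMS" 2>/dev/null; then
  echo "BUG: tampered script verified" >&2
else
  echo "tampered.sh rejected as expected"
fi
# Demo files are left in $demo_dir for inspection.
```

The digest check only helps if the checksum file is obtained over a channel the attacker of the binary download cannot also control (a separate host, a signed manifest, or a value pinned in your own configuration); a checksum served next to the artifact from the same origin detects corruption, not a compromised origin.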
Audit Metadata