agent-tools
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent or user to install the CLI using the command curl -fsSL https://cli.inference.sh | sh. This pattern executes a script directly from a remote server controlled by the author.
- [EXTERNAL_DOWNLOADS]: The installation process and manual setup instructions reference downloads for binaries, manifests, and checksums from dist.inference.sh and cli.inference.sh, which are vendor-owned domains.
- [COMMAND_EXECUTION]: The skill defines allowed-tools: Bash(infsh *), which grants the agent the capability to execute any command provided by the infsh utility, including running models, managing tasks, and automating interactions with third-party services like Twitter/X.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection risks because it processes results from untrusted AI applications and web searches, which could contain malicious instructions.
- Ingestion points: Data ingested through the --input flag in infsh app run, and output returned from various AI 'apps' hosted on the platform.
- Boundary markers: The CLI utilizes structured JSON for data exchange, which provides some structural separation but does not prevent the underlying AI models from obeying instructions embedded in the data.
- Capability inventory: Full access to the infsh CLI tool via Bash allows the agent to perform a wide range of cloud-based operations.
- Sanitization: The skill documentation does not define specific sanitization or filtering logic for data processed by the CLI before it is interpolated into agent prompts.
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh
- DO NOT USE without thorough review