agent-tools
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The installation instructions in SKILL.md and references/authentication.md use the pattern curl -fsSL https://cli.inference.sh | sh. This executes code from an unverified external source directly in the system shell without prior inspection.
- COMMAND_EXECUTION (HIGH): The skill is configured to allow arbitrary bash commands via the infsh tool (allowed-tools: Bash(infsh *)), providing a broad attack surface for command injection if inputs are not strictly sanitized. Additionally, it suggests operations requiring elevated privileges, such as writing to /etc/.
- EXTERNAL_DOWNLOADS (HIGH): The skill initiates downloads of the CLI executable from https://cli.inference.sh, which is not included in the list of trusted external sources.
- PROMPT_INJECTION (LOW): The skill exposes a surface for indirect prompt injection.
  1. Ingestion points: User-provided prompts for AI apps in running-apps.md.
  2. Boundary markers: None.
  3. Capability inventory: External model execution and command-line interactions.
  4. Sanitization: No sanitization or validation of the input data is described.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata