ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill's setup instructions use 'curl -fsSL https://cli.inference.sh | sh', which is a critical risk pattern that executes a remote script from an untrusted domain with full user privileges.
- Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection via user-supplied image prompts.
  1. Ingestion points: User input is mapped to the 'prompt' field in commands like 'infsh app run'.
  2. Boundary markers: Absent; input is concatenated into a JSON string for shell execution.
  3. Capability inventory: The skill has 'Bash' tool access to execute the 'infsh' CLI.
  4. Sanitization: Absent; no sanitization or escaping of the user-provided prompt is performed before command execution.
- External Downloads (MEDIUM): The skill promotes the installation of additional unverified skills using 'npx skills add', which increases the attack surface through unvetted third-party code.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata