background-removal
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill documentation instructs users to execute
curl -fsSL https://cli.inference.sh | sh. This is a 'pipe-to-shell' pattern that downloads and runs arbitrary code from an untrusted, non-whitelisted domain (inference.sh) without any integrity verification. - External Downloads (HIGH): The skill references
npx skills add inferencesh/skills, which installs additional executable logic from an untrusted external source. - Indirect Prompt Injection (HIGH): Ingestion points:
image_urlfields in JSON inputs (SKILL.md). Boundary markers: None present. Capability inventory:Bash(infsh *)allows for arbitrary command execution and network requests via the third-party CLI. Sanitization: None detected. This creates an attack surface where data from external images or API responses could influence the agent's logic. - Command Execution (HIGH): The skill is granted
Bash(infsh *)permissions, allowing it to execute a binary that was installed via an insecure and untrusted method.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata