Skills
skills/inferencesh/agent-skills/book-cover-design/Gen Agent Trust Hub

book-cover-design

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The SKILL.md file includes the command curl -fsSL https://cli.inference.sh | sh. This is a dangerous pattern that executes unverified remote code with the privileges of the current user.
  • External Downloads (MEDIUM): The skill references and installs several external packages via npx skills add from the inferencesh/skills repository. This source is not within the defined list of trusted providers, posing a supply chain risk.
  • Command Execution (HIGH): The skill's allowed-tools configuration grants broad access to the Bash tool for all infsh subcommands. Given that infsh is installed via the aforementioned unverified script, this enables the execution of potentially malicious code under the guise of image generation tasks.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 06:38 AM