flux-image
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs the user to install the infsh CLI with the command "curl -fsSL https://cli.inference.sh | sh". This is a dangerous execution pattern: it downloads a shell script from the internet and runs it immediately, with the privileges of the invoking user, without a checksum, signature, or any chance to inspect the script first. Whatever the server (or anyone in a position to alter the response) returns at install time is executed as-is.
- EXTERNAL_DOWNLOADS (HIGH): The skill depends on software hosted at https://cli.inference.sh. This domain is not recognized by the auditor as a trusted external source (such as an official GitHub organization or a major cloud provider), which increases the risk of a supply chain compromise: a takeover of the domain or host, or a change to the served script, would be passed straight through to every user who follows the install step.
- COMMAND_EXECUTION (MEDIUM): The skill explicitly requests the "Bash(infsh *)" tool permission. The wildcard allows the agent to run infsh with any arguments. While this is necessary for the skill's functionality, it provides a vector for shell-based attacks if the underlying CLI is compromised or if the argument strings built from user input are poorly handled.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through user-controlled data processed by the CLI tool.
- Ingestion points: User-provided text is interpolated into JSON strings passed as arguments to the infsh command in SKILL.md (e.g., --input '{"prompt": "..."}').
- Boundary markers: None. There are no delimiters, and no instructions to the model to ignore embedded commands within the input data.
- Capability inventory: The skill uses "Bash(infsh *)" to execute external commands built from these prompts.
- Sanitization: No evidence of input validation, escaping, or sanitization of the user-provided prompt strings is present in the skill definition.
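The two patterns above (piping a remote script into sh, and splicing user text into a quoted JSON argument on a shell command line) have straightforward safer counterparts. The following is an added example written for this audit, not code from the skill or from inference.sh: it downloads the installer to disk and runs it only if its SHA-256 matches a pin obtained out of band, and it builds the --input argument with json.dumps and an argv list instead of a shell string. The pin value, the install script contents, and the infsh argument layout beyond "--input" are placeholders assumed for illustration; the page does not state what subcommand the skill calls.

```python
import hashlib
import hmac
import json
import os
import shlex
import subprocess
import tempfile
import urllib.request

# Placeholder pin (assumption). A real pin must come from an out-of-band
# source such as signed release notes, never from the server serving the script.
PINNED_SHA256 = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_to_file(url: str, dest: str) -> None:
    """Download to disk only. Unlike `curl ... | sh`, nothing is executed here."""
    with urllib.request.urlopen(url, timeout=30) as resp, open(dest, "wb") as out:
        out.write(resp.read())


def verify_pinned(path: str, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def install_verified(path: str, expected_hex: str, execute: bool = False) -> bool:
    """Run the installer only when its digest matches the pin.
    Returns True if the pin matched (the script is run only when execute=True)."""
    if not verify_pinned(path, expected_hex):
        return False
    if execute:
        subprocess.run(["sh", path], check=True)
    return True


def naive_command(prompt: str) -> str:
    """The pattern in the skill: user text spliced into a shell command string."""
    return "infsh --input '{\"prompt\": \"" + prompt + "\"}'"


def naive_argc(prompt: str) -> int:
    """How many words the shell would see for the naive string (3 is the intent)."""
    return len(shlex.split(naive_command(prompt)))


def safe_argv(prompt: str, base=("infsh",)) -> list:
    """json.dumps escapes quotes, backslashes and newlines; the list form goes to
    subprocess.run without shell=True, so no shell ever parses the prompt."""
    return [*base, "--input", json.dumps({"prompt": prompt})]


def recovered_prompt(argv: list) -> str:
    """What the CLI would decode from the --input argument."""
    return json.loads(argv[argv.index("--input") + 1])["prompt"]


def run_safe(prompt: str, base=("infsh",)):
    return subprocess.run(safe_argv(prompt, base), capture_output=True, text=True)


def self_check() -> tuple:
    """Offline demo with a constructed stand-in for the remote install script."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "install.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho hello\n")  # constructed, not the real installer
        good = sha256_of_file(script)
        return (install_verified(script, good), install_verified(script, PINNED_SHA256))


if __name__ == "__main__":
    evil = "sunset'; touch /tmp/pwned; echo '"
    print(shlex.split(naive_command(evil)))  # quote from the prompt breaks the argument
    print(safe_argv(evil))                   # one well-formed JSON argument
    print(self_check())
```

The wildcard in "Bash(infsh *)" still lets the agent pass arbitrary flags; building the command from a fixed argv list narrows that to the one argument the user actually controls, and the prompt arrives at the CLI exactly as typed, quotes included.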
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review of the install script and the CLI it installs.
- AI detected serious security threats.
Audit Metadata