image-upscaling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): Found 'curl -fsSL https://cli.inference.sh | sh' in SKILL.md. This pattern executes remote code from an untrusted domain without any integrity checks, allowing for immediate system compromise.
- [External Downloads] (HIGH): The documentation suggests installing more skills via 'npx skills add inferencesh/skills@...', which downloads and executes remote code from an unverified source, expanding the attack surface.
- [Command Execution] (MEDIUM): The 'allowed-tools' configuration includes 'Bash(infsh *)', which permits the agent to run shell commands via the 'infsh' utility. This utility is itself installed via an untrusted remote script, making all subsequent tool use potentially malicious.
- [Indirect Prompt Injection] (HIGH): Ingestion points: untrusted external URLs (e.g., 'image_url') in SKILL.md. Boundary markers: none identified. Capability inventory: significant execution capability via 'Bash(infsh *)'. Sanitization: none identified. Description: the skill processes external content and provides execution capabilities, creating a high-severity surface for indirect injection attacks in which malicious remote content could influence agent behavior.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh. DO NOT USE.
- AI detected serious security threats
Audit Metadata