logo-design-guide
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to execute `curl -fsSL https://cli.inference.sh | sh`. This is an untrusted source outside the defined whitelist of trusted providers.
- REMOTE_CODE_EXECUTION (HIGH): The use of `curl | sh` is a dangerous pattern that allows a remote server to execute arbitrary code on the host machine. The integrity of the script cannot be verified at runtime.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the `infsh` tool, which is installed via the aforementioned unverified script. Subsequent commands like `infsh app run` execute local logic based on this installation.
- PROMPT_INJECTION (LOW): While the skill primarily uses standard instructions, it creates a surface for indirect prompt injection (Category 8) by interpolating user-provided prompts into JSON objects for image generation without explicit sanitization or boundary markers.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata