agent-tools (inferencesh skill, skills/inferencesh/skills/agent-tools)

Audit result: Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation instructs the user to install the infsh CLI by running a script fetched from https://cli.inference.sh. That is execution of remotely hosted code at install time, mitigated only by the fact that cli.inference.sh is the vendor's official domain.
  • [COMMAND_EXECUTION]: The skill is configured with the Bash(infsh *) permission, so the agent can run any infsh command; invoking the CLI to reach cloud-based AI services is the skill's primary function.
  • [DATA_EXFILTRATION]: The skill can send data to external services, including Twitter (infsh app run x/post-tweet) and AI model providers (OpenRouter, Google, and others). This is consistent with its intended use, but it also means any data the agent holds can leave the host through these apps.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, since user-provided data is passed as input to external AI models.
    • Ingestion points: Data enters via the --input argument of infsh app run commands, as documented in SKILL.md and references/running-apps.md.
    • Boundary markers: The skill defines no delimiters around the JSON input and gives the model no instruction to ignore commands embedded in it.
    • Capability inventory: The agent can execute any infsh command, which covers 150+ AI applications and their external API calls, including the egress apps noted above.
    • Sanitization: There is no evidence that input is validated or sanitized before it is passed to the CLI.
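The three prompt-injection gaps listed above (no delimiters, no input validation, and a permission broad enough to reach egress apps) can be closed in front of the CLI rather than inside it. The gate below is an added example written for this page; it is not code from the agent-tools skill or from the infsh CLI. It assumes only what the audit states: the agent holds Bash(infsh *), apps are run as infsh app run <app> --input '<json>', and x/post-tweet is one reachable app. The allowlist, the example/* app names, the text field names and the marker strings are assumptions made for illustration.

```python
"""Policy gate in front of agent-issued `infsh` commands (added example).

Assumptions, none of which come from the audited skill or the infsh CLI:
the agent holds the Bash(infsh *) permission, apps are invoked as
`infsh app run <app> --input '<json>'`, and x/post-tweet is one of the
reachable apps. Every other app name, the allowlist, the field names and
the marker strings are illustrative choices.
"""
import json
import shlex
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# app -> top-level --input fields that carry untrusted free text (assumed schema)
ALLOWED_APPS: Dict[str, Set[str]] = {
    "example/summarize-text": {"text"},   # hypothetical app name
    "example/classify-text": {"text"},    # hypothetical app name
}
# Apps that push data off-host. x/post-tweet is named in the audit; its
# field name is assumed.
EGRESS_APPS: Dict[str, Set[str]] = {"x/post-tweet": {"text"}}
MAX_INPUT_BYTES = 16 * 1024

# Boundary markers placed around untrusted text. They only help if the
# skill prompt also tells the model to treat marked text as data.
OPEN = "<<<UNTRUSTED_DATA>>>"
CLOSE = "<<<END_UNTRUSTED_DATA>>>"


@dataclass
class Decision:
    allowed: bool
    reason: str
    argv: Optional[List[str]] = None  # exec-ready argv (no shell) when allowed


def wrap_fields(payload: dict, fields: Set[str]) -> dict:
    """Wrap the named string fields in markers; strip spoofed markers first."""
    out = dict(payload)
    for name in fields:
        if isinstance(out.get(name), str):
            inner = out[name].replace(OPEN, "").replace(CLOSE, "")
            out[name] = f"{OPEN}{inner}{CLOSE}"
    return out


def gate(command: str, approved_egress: bool = False) -> Decision:
    """Decide whether an agent-proposed infsh command line may run."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return Decision(False, f"unparseable command: {exc}")
    # Accept exactly `infsh app run <app> --input <json>`. Any extra token
    # (another flag, ';', '&&', a second command) fails the shape check.
    if (len(argv) != 6 or argv[:3] != ["infsh", "app", "run"]
            or argv[4] != "--input"):
        return Decision(False, "only `infsh app run <app> --input <json>` is permitted")
    app, raw = argv[3], argv[5]

    fields = ALLOWED_APPS.get(app)
    if fields is None:
        fields = EGRESS_APPS.get(app)
        if fields is None:
            return Decision(False, f"{app} is not on the allowlist")
        if not approved_egress:
            return Decision(False, f"{app} sends data off-host; approval required")

    if len(raw.encode("utf-8")) > MAX_INPUT_BYTES:
        return Decision(False, "--input exceeds size limit")
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return Decision(False, f"--input is not valid JSON: {exc.msg}")
    if not isinstance(payload, dict):
        return Decision(False, "--input must be a JSON object")

    safe = json.dumps(wrap_fields(payload, fields), ensure_ascii=False)
    return Decision(True, "ok", ["infsh", "app", "run", app, "--input", safe])


def run_gated(command: str, approved_egress: bool = False) -> Decision:
    """Apply the gate and, if allowed, exec infsh as an argv list (no shell)."""
    decision = gate(command, approved_egress)
    if decision.allowed:
        subprocess.run(decision.argv, check=True)
    return decision
```

The gate accepts exactly one command shape and execs the result as an argv list, so the agent's Bash(infsh *) grant can be narrowed to a grant on this wrapper. Marking only the declared text fields leaves configuration fields untouched; the markers are worth nothing unless the skill prompt also tells the model to treat marked text as data rather than instructions.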
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 10:48 AM