Skills
skills/inferencesh/skills/ai-product-photography/Gen Agent Trust Hub

ai-product-photography

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): The command 'curl -fsSL https://cli.inference.sh | sh' is used to install the required CLI tool. Piping remote scripts directly into a shell is a dangerous pattern that allows an untrusted source to execute arbitrary code without prior review.
  • Indirect Prompt Injection (LOW): The skill uses string interpolation of user-provided 'PRODUCT' and 'angle' variables directly into shell commands. 1. Ingestion: User variables in batch generation script (SKILL.md). 2. Boundaries: None. 3. Capability: Bash tool access. 4. Sanitization: None present.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 11:22 AM