app-store-screenshots

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes an installation command that pipes a script from the vendor's official domain directly to the shell (curl -fsSL https://cli.inference.sh | sh). While this pattern is traditionally high-risk, in this context it serves as the documented installer for the author's own CLI tool.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of OS-specific binaries from the vendor's distribution server (dist.inference.sh) and references additional vendor-maintained functionality via npx skills add.
  • [COMMAND_EXECUTION]: The skill executes the infsh command-line tool to perform image and video generation tasks. The execution environment is appropriately restricted via the allowed-tools configuration.
  • [PROMPT_INJECTION]: User-supplied text is passed as input to AI models via the infsh app run command. This creates an indirect prompt injection surface where the skill lacks explicit boundary markers or sanitization for these external strings, though risk is limited to the tool's intended generation capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 03:47 PM