image-upscaling
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly recommends running
curl -fsSL https://cli.inference.sh | sh. This is a classic RCE vector where arbitrary code from a remote, untrusted server is executed locally without any integrity verification. - [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on resources from
inference.shandcli.inference.sh. These domains are not part of the established trusted organizations list, making any scripts or binaries downloaded from them untrustworthy by default. - [COMMAND_EXECUTION] (MEDIUM): The skill requires access to the
Bashtool to executeinfshcommands. While the intended use is for image processing, the permission scope (Bash(infsh *)) allows for the execution of the malicious installation string identified in the documentation.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata