ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool with 'curl -fsSL https://cli.inference.sh | sh'. This 'curl to shell' pattern is a high-risk practice: it executes whatever the remote host serves directly on the user's system, with no integrity check and no opportunity for manual review, and the script that runs can differ from any copy that was inspected earlier. Additionally, the skill uses 'npx skills add' to fetch and execute further components from an external, untrusted source.
- [EXTERNAL_DOWNLOADS]: The skill downloads executable binaries and scripts from cli.inference.sh and dist.inference.sh. These domains are not recognized as trusted or well-known service providers under the security policy, and the downloads bypass standard package management registries and the signing and pinning those registries provide.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run the 'infsh' command-line interface. While this is core to its functionality, every invocation relies on a binary obtained through the insecure remote installation process above.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
  1. Ingestion points: user-provided prompt strings within JSON objects passed to the 'infsh' tool (e.g., in the 'prompt' field).
  2. Boundary markers: no delimiters or instructions distinguish user input from the agent's command structure.
  3. Capability inventory: the skill can execute shell commands via Bash and interact with an external AI service.
  4. Sanitization: there is no evidence of escaping, validation, or filtering of the user input before it is interpolated into the command-line arguments. A prompt containing quote characters can therefore terminate the JSON string or the shell quoting around it and append arbitrary arguments or commands.
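The PROMPT_INJECTION finding above is easiest to see side by side with the fix. The following is an added example written for this audit, not code from the audited skill or from inference.sh: it shows the flagged pattern (raw prompt text spliced into a shell string and re-parsed) next to a version that encodes the JSON and passes it as a single argument. The invocation shape 'infsh run <model> --input <json>' and the model name are assumed placeholders, and 'infsh' is stubbed as a function so the example runs without the real binary.

```bash
#!/usr/bin/env bash
# Added example, not code from the audited skill. It contrasts the pattern the
# audit describes (raw prompt text spliced into a shell string) with building
# the JSON document properly and passing it as one argv element.
# Assumptions: the CLI is invoked as "infsh run <model> --input <json>"; the
# subcommand and flag names are hypothetical placeholders, and "infsh" is
# stubbed below so the example runs without the real binary.

MODEL="example-model"   # placeholder model name

# Stub standing in for the real CLI: prints each argument on its own line so
# the argv boundaries the program would see become visible. Remove this
# function to call the real binary.
infsh() { printf '%s\n' "$@"; }

# Encode one string as the body of a JSON string literal. Handles backslash,
# double quote, newline, carriage return and tab; any other control character
# makes the function refuse rather than emit invalid JSON.
json_escape() {
    local s=$1
    s=${s//'\'/'\\'}        # backslash first, so later escapes are not doubled
    s=${s//'"'/'\"'}
    s=${s//$'\n'/'\n'}
    s=${s//$'\r'/'\r'}
    s=${s//$'\t'/'\t'}
    [[ $s == *[[:cntrl:]]* ]] && return 1
    printf '%s' "$s"
}

# Build the --input document from a prompt. Fails if the prompt cannot be
# represented, so the caller never runs the CLI with a malformed document.
build_input() {
    local escaped
    escaped=$(json_escape "$1") || return 1
    printf '{"prompt": "%s"}' "$escaped"
}

# The flagged pattern, kept only to show the failure: eval re-parses the whole
# string, so a prompt containing a single quote ends the --input argument and
# whatever follows runs as a command in this shell.
unsafe_run() {
    eval "infsh run $MODEL --input '{\"prompt\": \"$1\"}'"
}

# Hardened form: the JSON is built by an encoder and handed to the CLI as a
# single argv element. No eval and no string splicing, so the prompt cannot
# escape the "prompt" field or the argument vector.
safe_run() {
    local input
    input=$(build_input "$1") || return 1
    infsh run "$MODEL" --input "$input"
}
```

Running unsafe_run with the prompt x'; echo INJECTED; echo ' prints a separate INJECTED line, because the echo executed in the agent's shell; safe_run hands the same text to the stub as one argument, still inside the prompt field. The encoder deliberately refuses prompts with stray control characters instead of guessing, which is the conservative choice for text that an untrusted party may have authored.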
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
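The recommendation above says to review before use; the practical follow-up is to make sure what runs is what was reviewed. The following is an added example for this audit, not part of the audited skill and not inference.sh's own installer: it fetches the install script to disk, checks it against a SHA-256 digest the operator recorded after reviewing that exact script, and only then executes it, instead of piping the network stream into sh. The URL is the one quoted in the audit; the digest is a placeholder the operator must replace, and it must come from review or an out-of-band channel, since a checksum served by the same host proves nothing.

```bash
#!/usr/bin/env bash
# Added example, not part of the audited skill or of inference.sh's own
# installer. Download to a file, verify a pinned digest, then run, so that the
# code executed is exactly the code that was reviewed.

INSTALLER_URL="https://cli.inference.sh"
# Placeholder: replace with the SHA-256 of the script after reviewing it.
INSTALLER_SHA256="replace-with-the-digest-of-the-reviewed-script"

# Print the hex SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_file FILE EXPECTED_SHA256: exit 0 when the digest matches, 1 otherwise.
verify_file() {
    local actual
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# run_verified FILE EXPECTED_SHA256: execute FILE with sh only if it matches.
run_verified() {
    if ! verify_file "$1" "$2"; then
        printf 'refusing to run %s: digest mismatch\n' "$1" >&2
        return 1
    fi
    sh "$1"
}

# install_cli: download to a temp file, verify, run, clean up. curl is pinned
# to HTTPS and TLS 1.2+, so a downgrade cannot substitute the script in transit,
# and the stream is never piped straight into sh.
install_cli() {
    local tmp rc
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALLER_URL"; then
        rm -f "$tmp"
        return 1
    fi
    run_verified "$tmp" "$INSTALLER_SHA256"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

install_cli is not invoked here because it reaches the network; the check functions work on any local file. The same review-then-pin step applies to the components fetched by 'npx skills add', which this example does not cover.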
Audit Metadata