ai-image-generation

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly recommends running curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it executes unverified code from an untrusted external domain.
  • [EXTERNAL_DOWNLOADS] (HIGH): The installation process involves downloading binaries from inference.sh, a source that is not recognized as trusted.
  • [COMMAND_EXECUTION] (MEDIUM): The tool configuration Bash(infsh *) allows the execution of the infsh utility with arbitrary parameters, which could be exploited if the utility itself is compromised.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: User-provided strings for the --input flag in SKILL.md.
      2. Boundary markers: None identified.
      3. Capability inventory: Subprocess execution of infsh in SKILL.md.
      4. Sanitization: None identified; input is interpolated directly into shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 20, 2026, 06:25 PM