ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains the installation pattern
curl -fsSL https://cli.inference.sh | sh, which executes a remote script with current user privileges. This is a severe security risk as the script source is unverified and from an untrusted domain.\n- External Downloads (HIGH): The skill references and executes code fromcli.inference.sh, which is not included in the list of Trusted External Sources. This lacks the security guarantees required for safe operation.\n- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to command injection through untrusted user-controlled prompts.\n - Ingestion points: User-provided strings for image generation prompts are interpolated into bash commands in multiple examples in
SKILL.md.\n - Boundary markers: No boundary markers or delimiters are used to separate user data from the executable command structure.\n
- Capability inventory: The frontmatter grants
Bash(infsh *)tool permissions, giving the skill the ability to execute arbitrary sub-processes via the CLI tool.\n - Sanitization: There is no evidence of sanitization, JSON escaping, or shell metacharacter filtering for the input variables used in commands.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata