ai-image-generation
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill's installation process uses the pattern `curl -fsSL https://cli.inference.sh | sh` as documented in `SKILL.md`. This executes a remote script with the privileges of the local user without any verification of its content, which could be replaced with malicious code at any time.
- External Downloads (HIGH): The skill depends on tools and scripts hosted at `inference.sh`. This domain is not on the list of trusted external sources, making the dependency unverifiable and potentially unsafe.
- Command Execution (MEDIUM): The skill is configured to use the `Bash` tool to execute `infsh` commands. While this is the intended function of the skill, the execution of local binaries based on remote instructions increases the attack surface of the environment.
- Indirect Prompt Injection (LOW):
  - Ingestion points: User-provided text prompts are ingested and formatted into JSON payloads for the `infsh` command (e.g., `SKILL.md` examples).
  - Boundary markers: None. Prompts are interpolated directly into the command arguments.
  - Capability inventory: The skill can execute shell commands via the `Bash` tool.
  - Sanitization: No evidence of input sanitization or escaping is provided in the skill's instructions, creating a surface where a malicious prompt could attempt to break out of the JSON structure or the CLI command.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata