ai-product-photography
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The SKILL.md file instructs users to run
curl -fsSL https://cli.inference.sh | sh, which downloads a shell script from the internet and executes it directly. This pattern is a critical security risk because it bypasses package management security and allows the remote server to execute arbitrary code on the host machine. - EXTERNAL_DOWNLOADS (HIGH): The skill downloads binaries and additional skill packages from
inference.shandnpx, none of which are recognized trusted sources. This introduces a significant supply chain risk. - COMMAND_EXECUTION (MEDIUM): The skill is configured with
allowed-tools: Bash(infsh *), giving the agent the ability to execute theinfshcommand-line utility. While necessary for functionality, it increases the system's attack surface by allowing the agent to run an external binary. - PROMPT_INJECTION (LOW): The skill takes user-provided image prompts and interpolates them directly into shell commands via the
--inputflag. The lack of sanitization or boundary markers (such as delimiters) creates a potential surface for indirect prompt injection or command parameter manipulation.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.inference.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata