inference-sh-cli
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation recommends installing the CLI tool by fetching a script from an external domain and piping it directly to the shell (curl -fsSL https://cli.inference.sh | sh).
- [COMMAND_EXECUTION]: The instructions direct the agent to interpolate user-provided prompts directly into shell command strings for the infsh tool. This pattern creates a significant risk of command injection if the input contains shell metacharacters.
- [DATA_EXFILTRATION]: The skill includes functionality for uploading local files to a remote cloud service. This capability could be exploited to exfiltrate sensitive files from the environment if the agent is directed to do so by a malicious prompt.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user data as input for shell-executing capabilities without using strict delimiters or programmatic sanitization.
- Ingestion points: User-provided prompts and local file paths.
- Boundary markers: None present.
- Capability inventory: Shell command execution via the terminal tool and local filesystem read access.
- Sanitization: Only a manual instruction to the agent to escape quotes is provided, which is insufficient for preventing injection attacks.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata