agent-tools

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions utilize 'curl -fsSL https://cli.inference.sh | sh', which allows unverified remote code to run with user shell privileges.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries and manifest files from 'dist.inference.sh' for both automated and manual installation paths.
  • [COMMAND_EXECUTION]: The agent is granted the 'infsh *' capability, which includes commands for web searching and social media interaction via the inference.sh platform.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the '--input' argument in 'infsh' commands. The ingestion point is the '--input' parameter, and it lacks boundary markers or sanitization for processing untrusted external content, which could lead to unauthorized tool usage across its search and social media capabilities.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 02:26 PM