infsh-cli
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install its core CLI tool using the command `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly insecure as it downloads and executes a script from a remote server directly in the shell without any verification or oversight.
- [DATA_EXFILTRATION]: The `infsh` CLI tool features an automatic file upload mechanism described in `SKILL.md` and `references/running-apps.md`. When a local file path (e.g., `/path/to/photo.jpg` or `./my-image.png`) is provided in the input JSON for the `infsh app run` command, the tool reads the file from the local disk and uploads it to the `inference.sh` cloud servers. This capability can be exploited to exfiltrate sensitive local data, such as SSH keys (`~/.ssh/id_rsa`), environment variables (`.env`), or system configuration files, if an attacker can influence the input arguments provided to the agent.
- [COMMAND_EXECUTION]: The skill requires the `Bash` tool to execute `infsh` commands. These commands allow the agent to interact with the local filesystem (for file uploads) and perform network operations (communicating with the `inference.sh` API).
- [EXTERNAL_DOWNLOADS]: The skill's setup and manual installation instructions involve downloading binary executables, manifest files, and checksums from `dist.inference.sh`.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata