landing-page-design
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides a link to installation instructions for the
infshcommand-line tool hosted on the vendor's official GitHub repository (inference-sh). - [COMMAND_EXECUTION]: The skill uses the
infshCLI tool to interact with various AI applications for image generation and web search. Access is restricted by the platform configuration to only allow commands starting withinfsh. - [PROMPT_INJECTION]: The skill retrieves data from external web searches using tools such as
tavily/search-assistantandexa/answer, which presents a surface for indirect prompt injection. - Ingestion points:
SKILL.md(outputs from search applications are processed by the agent) - Boundary markers: Absent
- Capability inventory: Bash command execution (
infshtool) - Sanitization: Absent
Audit Metadata