product-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
infshCLI (allowed in the YAML frontmatter) to perform operations like logging in and running specific AI applications for image generation and image stitching. - [EXTERNAL_DOWNLOADS]: Mentions external installation instructions for the
infshCLI hosted on the vendor's GitHub repository (inference-sh/skills). This is a legitimate reference to the vendor's own tooling. - [REMOTE_CODE_EXECUTION]: While the skill references external applications via
infsh app run, these are calls to established AI models (like falai/flux-dev-lora or bytedance/seededit) within the vendor's ecosystem rather than arbitrary script execution from untrusted sources.
Audit Metadata