app-store-screenshots
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation references a remote installation script for the 'infsh' CLI located at 'https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md'.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing additional dependencies and skills from an external organization using 'npx skills add inference-sh/skills@...'.
- [COMMAND_EXECUTION]: The skill uses the 'infsh' command to interact with AI models. While restricted by the 'allowed-tools' configuration, it involves executing shell commands with parameters derived from user input.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating user-provided prompts directly into tool parameters.
  - Ingestion points: User prompts within command examples in 'SKILL.md'.
  - Boundary markers: Absent; no instructions are provided to delimit or ignore embedded instructions within the user-supplied data.
  - Capability inventory: Execution of the 'infsh' command via the Bash tool.
  - Sanitization: Absent; prompt strings are interpolated into JSON structures within shell commands without explicit escaping or validation.
Audit Metadata