infsh-cli
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
- REMOTE_CODE_EXECUTION
- EXTERNAL_DOWNLOADS
- COMMAND_EXECUTION
- DATA_EXFILTRATION
- PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions recommend installing the CLI using `curl -fsSL https://cli.inference.sh | sh`. This is a high-risk pattern that executes remote code directly in the system shell without user inspection.
- [EXTERNAL_DOWNLOADS]: The installation process downloads executable binaries from dist.inference.sh. Additionally, the skill suggests adding more features using `npx skills add`, which involves downloading and executing external packages.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing `infsh` commands via the Bash tool to interact with remote AI models and automate tasks.
- [DATA_EXFILTRATION]: The CLI documentation highlights an 'automatic local file upload' feature. When a local file path is provided in an input field, the CLI automatically uploads the file to the vendor's cloud service. This capability could be exploited to exfiltrate sensitive data if the agent is instructed to process sensitive files.
- [PROMPT_INJECTION]: The skill ingests and processes data from various external AI models and search engines, creating a surface for indirect prompt injection where untrusted content could influence the agent's behavior.
- Ingestion points: Outputs from `infsh app run` across multiple AI models (documented in SKILL.md and references/running-apps.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present in the examples or prompts.
- Capability inventory: Subprocess execution via Bash tool, file reading, and network access.
- Sanitization: No evidence of validation or sanitization of external model outputs before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata