Skills
skills/toolshell/skills/qwen-image/Gen Agent Trust Hub

qwen-image

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the infsh CLI tool via Bash to interact with remote AI models. This is the primary intended function of the skill and is confined to the specific infsh binary.
  • [EXTERNAL_DOWNLOADS]: The skill references external content from inference.sh and cloud.inference.sh, which are the official domains for the service provider. It also mentions installing dependencies via npx from the inference-sh vendor.
  • [DATA_EXFILTRATION]: Mentions the infsh login command, which is a standard procedure for authenticating with the inference platform API; no unauthorized credential access was detected.
  • [PROMPT_INJECTION]: As the skill ingests user-defined text prompts and external image URIs for processing by the Qwen model, it has an inherent surface for indirect prompt injection.
  • Ingestion points: Inputs such as prompt and reference_images defined in the JSON payloads within SKILL.md examples.
  • Boundary markers: Uses structured JSON formatting for CLI arguments to separate instructions from data.
  • Capability inventory: Subprocess execution of the infsh command for model inference.
  • Sanitization: No explicit client-side sanitization of prompt text is defined in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 01:22 PM