agent-tools
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and update of the infsh CLI through a shell pipe pattern (curl -fsSL https://cli.inference.sh | sh). This method executes remote code without prior inspection, creating a significant risk of arbitrary code execution if the remote server or the network connection is compromised.
- [EXTERNAL_DOWNLOADS]: The skill downloads various resources, including platform-specific binaries, checksum files, and metadata manifests, from dist.inference.sh and cli.inference.sh during the setup and update processes.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute infsh commands, which involves managing system processes, local authentication, and network-based AI task execution.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by accepting user-supplied prompts and JSON data for processing by various AI applications.
- Ingestion points: User prompts and input files are ingested via the infsh app run --input command as described in SKILL.md and references/running-apps.md.
- Boundary markers: No specific boundary markers or "ignore embedded instructions" warnings are implemented to protect the tool input.
- Capability inventory: The infsh tool can perform network operations, file writing (via --save), and access remote AI services (e.g., Twitter/X, search engines).
- Sanitization: There is no evidence of input validation or sanitization before external content is passed to the underlying CLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata