skills/tul-sh/skills/agent-tools/Gen Agent Trust Hub

agent-tools

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions include a command to install the CLI by piping a remote script from cli.inference.sh directly into the shell. This is the vendor's official installation method and targets the vendor's own domain.
  • [EXTERNAL_DOWNLOADS]: The manual installation process and manifest fetching involve downloading binaries and metadata from dist.inference.sh. These resources are hosted on the vendor's infrastructure.
  • [COMMAND_EXECUTION]: The skill is designed to execute the infsh CLI tool via the system shell to perform tasks like user login, app listing, and model execution.
  • [PROMPT_INJECTION]: The skill facilitates the execution of AI models by passing user-supplied inputs via the --input flag. This creates a surface for indirect prompt injection where untrusted data could influence the behavior of the targeted AI apps.
    * Ingestion points: CLI arguments and JSON input files for the infsh app run command in SKILL.md and references/running-apps.md.
    * Boundary markers: Not specified in the provided scripts.
    * Capability inventory: Shell execution of the infsh tool via the Bash tool as specified in the allowed-tools section of SKILL.md.
    * Sanitization: No explicit sanitization of input data is performed by the skill before passing it to the CLI.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 01:54 AM