ai-product-photography

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions advise installing the infsh CLI via 'curl -fsSL https://cli.inference.sh | sh', which downloads and executes a script directly in the shell. This pattern is dangerous as it executes unverified remote code.
  • [EXTERNAL_DOWNLOADS]: The installation script downloads binary files from dist.inference.sh. While the skill claims SHA-256 verification is performed, the initial script delivery is from an unverified domain.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute infsh commands, providing the agent with the ability to perform arbitrary model inference and potential file system interactions through the CLI.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Evidence:
    1. Ingestion points: User-provided prompts and styles are interpolated into the infsh CLI arguments in SKILL.md.
    2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
    3. Capability inventory: Use of Bash(infsh *) tool for remote model execution.
    4. Sanitization: There is no evidence of input validation or escaping for the user-supplied prompt strings.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 4, 2026, 12:29 PM