background-removal
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation explicitly promotes installing the required CLI tool via 'curl -fsSL https://cli.inference.sh | sh'. This pattern is a critical security risk because it executes unverified code from an external source directly in the system shell.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading external binaries from 'dist.inference.sh'. While checksum verification is mentioned, the integrity of the process depends on the unverified initial installation script.
- [COMMAND_EXECUTION]: The skill uses 'Bash(infsh *)' to execute commands. This grants the agent the ability to use the inference.sh CLI for authentication, running remote apps, and interacting with the platform's API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data.
  1. Ingestion points: The 'image_url' parameter in the input JSON provided to the infsh app.
  2. Boundary markers: No delimiters or specific instructions are used to isolate the untrusted URL.
  3. Capability inventory: The 'infsh' tool via Bash has the capability to fetch remote content and interact with external AI models.
  4. Sanitization: No input validation or URL sanitization is present in the skill's logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata