customer-persona
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool using the command curl -fsSL https://cli.inference.sh | sh. This is a critical security risk because it executes a remote script with the current user's privileges without allowing for inspection or verification of the script's content. If the remote server is compromised or the script is malicious, it can lead to full system takeover.
- [EXTERNAL_DOWNLOADS]: The skill automatically downloads binaries and configuration files from cli.inference.sh and dist.inference.sh. While the documentation claims to verify checksums, the initial installation vector is unverified, rendering subsequent security claims untrustworthy.
- [COMMAND_EXECUTION]: The skill requires access to the Bash tool with a wildcard permission (infsh *). This grants the agent the ability to execute any command within the infsh ecosystem, including authenticating to remote services and running arbitrary remote AI applications with local data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it takes user-provided data and passes it directly to external AI models and search tools.
  - Ingestion points: The skill processes user inputs for search queries and image generation prompts via the infsh app run command in SKILL.md.
  - Boundary markers: No delimiters or safety instructions are used to separate user data from the system's execution logic.
  - Capability inventory: The skill can execute shell commands (Bash) and perform network requests through the infsh CLI.
  - Sanitization: There is no evidence of input validation or escaping for the JSON payloads sent to the CLI tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata