image-upscaling
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
infshcommand-line interface to execute image processing workflows. It usesinfsh loginfor user authentication andinfsh app runto trigger remote models like Real-ESRGAN and Topaz. These operations are standard for the tool's intended use. - [EXTERNAL_DOWNLOADS]: The skill recommends using
npx skills addto fetch additional functionality from theinference-sh/skillsrepository. Because this repository belongs to the official vendor (tul-sh), these references are documented as safe vendor operations. - [PROMPT_INJECTION]: The skill accepts user-provided image URLs for processing, which establishes an attack surface for indirect prompt injection (e.g., instructions hidden within the image metadata or content).
- Ingestion points: The
image_urlfield within the JSON input forinfsh app runcommands across the SKILL.md file. - Boundary markers: Absent.
- Capability inventory: The skill can execute remote image processing applications via the
infshtool. - Sanitization: Absent; the skill passes the URLs directly to the external
inference.shplatform for processing.
Audit Metadata