image-upscaling
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions encourage the execution of a remote script directly in the shell using
curl -fsSL https://cli.inference.sh | sh, which allows for arbitrary code execution from a third-party source.- [EXTERNAL_DOWNLOADS]: The installation script retrieves binary executables and security checksums fromdist.inference.shtailored to the user's system architecture.- [COMMAND_EXECUTION]: The skill uses theBashtool to invokeinfshCLI commands for image upscaling, authentication, and service management.- [DATA_EXFILTRATION]: User-provided image URLs and processing metadata are transmitted to external endpoints (inference.shandfal.ai) for cloud processing, which is the core functionality of the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata