product-changelog
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to install the Inference CLI using a pipe-to-shell pattern:
curl -fsSL https://cli.inference.sh | sh. This executes unverified remote code directly in the user's environment. - [EXTERNAL_DOWNLOADS]: The skill uses the
npxtool to dynamically download and add remote skills from theinference-sh/skillsrepository at runtime. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executeinfshcommands, which interact with external cloud services to run applications and manage configurations. - [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote AI models (e.g.,
falai/flux-dev-lora,infsh/agent-browser) by passing user-defined arguments to theinfsh app runcommand. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted user data for changelogs and visual generation and passes it directly to tool execution.
- Ingestion points: User-provided changelog text and visual prompts in
SKILL.mdexamples. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: The skill has access to the
Bashtool withinfshcapabilities, enabling network operations and remote app execution. - Sanitization: Absent; the skill does not implement validation or escaping for the strings interpolated into the
infshcommand arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata