product-photography
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to execute 'curl -fsSL https://cli.inference.sh | sh', a pattern that downloads and executes a remote script directly in the shell without validation or integrity checks.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing additional components via 'npx skills add', which involves downloading and executing code from external repositories.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to run the 'infsh' CLI, allowing for local command execution to interact with the Inference.sh service.
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by interpolating user-provided strings into shell command parameters.
  - Ingestion points: 'prompt' field within the '--input' JSON object in the Bash commands.
  - Boundary markers: JSON double-quote encapsulation.
  - Capability inventory: Permission to run arbitrary commands through the 'Bash' tool.
  - Sanitization: The skill does not demonstrate any input validation or escaping for the user-controlled prompt values.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata