skills/tul-sh/skills/qwen-image-pro/Gen Agent Trust Hub

qwen-image-pro

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill directs the agent to execute a shell script fetched from https://cli.inference.sh using the curl | sh pattern. This allows unverified remote code to run with the user's shell privileges.
  • [EXTERNAL_DOWNLOADS]: During the installation process, the skill downloads executable binaries from dist.inference.sh. While the documentation mentions checksum verification, the initial installation script itself is unverified.
  • [COMMAND_EXECUTION]: The skill requires the Bash tool to run the infsh command, which is used to interface with the Alibaba Qwen-Image model.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through user-provided prompt data.
      1. Ingestion points: The prompt field in the infsh command and the inferencesh Python SDK.
      2. Boundary markers: Parameters are passed within JSON-formatted strings, providing structural separation.
      3. Capability inventory: The skill possesses the ability to execute shell commands via the infsh tool.
      4. Sanitization: There is no evidence of sanitization or filtering of the user-provided prompt before it is passed to the underlying CLI or library.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 09:42 PM