qwen-image
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Quick Start section contains the command
curl -fsSL https://cli.inference.sh | sh, which downloads and executes a script from a remote server directly in the shell. This is an unverified remote code execution pattern. - [EXTERNAL_DOWNLOADS]: The skill downloads binaries and metadata from dist.inference.sh and cli.inference.sh during the setup and execution process.
- [COMMAND_EXECUTION]: The skill requires the
Bashtool to execute theinfshcommand-line utility for generating and editing images. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: The
promptandreference_imagesfields in the input for theinfshtool. 2. Boundary markers: Absent; user input is interpolated directly into a JSON string passed to the CLI. 3. Capability inventory: Permission to executeBash(infsh *). 4. Sanitization: There is no evidence of sanitization or escaping of the user-provided prompt before it is passed to the command line, which could lead to command or instruction injection if the agent handles quoting incorrectly.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata