qwen-image
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation explicitly recommends the command `curl -fsSL https://cli.inference.sh | sh` for installation. This is a high-severity pattern because it downloads and executes a remote script in the host's shell environment without prior verification or sandboxing.
- [EXTERNAL_DOWNLOADS]: The skill relies on binaries and configuration files downloaded from `cli.inference.sh` and `dist.inference.sh` at runtime or during setup. While the skill claims to verify SHA-256 checksums, the initial bootstrap script remains a critical trust-link.
- [COMMAND_EXECUTION]: The skill requests permission to use `Bash` to execute `infsh` commands. The security of these operations is entirely dependent on the integrity of the binary installed via the untrusted remote execution script.
- [PROMPT_INJECTION]: The skill processes user-provided strings and external image URLs through the CLI, posing a risk for indirect prompt injection.
  - Ingestion points: Untrusted data enters via the `prompt` and `reference_images` fields in the `infsh app run` examples in `SKILL.md`.
  - Boundary markers: Absent. User input is interpolated directly into JSON structures for CLI execution.
  - Capability inventory: The skill uses `Bash(infsh *)` to perform network-based inference and local command execution.
  - Sanitization: No explicit sanitization or validation of input prompts or image metadata is implemented in the skill definition.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata