youtube-thumbnail-design
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the 'infsh' tool by running 'curl -fsSL https://cli.inference.sh | sh'. This method of piping a remote script directly into a shell allows for arbitrary remote code execution from an unverified source, posing a severe security risk to the host system.
- [COMMAND_EXECUTION]: The skill's metadata allows for the execution of 'infsh' commands using the 'Bash' tool. These commands are used to perform authentication and execute image generation applications based on user input.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection by incorporating unvalidated user input into image generation prompts used with the 'infsh' CLI.
  - Ingestion points: User-defined text is accepted into the 'prompt' field of the JSON input for the 'infsh app run' command in SKILL.md.
  - Boundary markers: The skill uses JSON keys and single quotes to encapsulate the input string within the command line.
  - Capability inventory: The skill possesses the ability to execute the 'infsh' command via the Bash tool.
  - Sanitization: There is no evidence of sanitization, escaping, or filtering of the user's input before it is passed to the remote generation tool.
- [EXTERNAL_DOWNLOADS]: The skill recommends using 'npx skills add' to download and integrate additional skill components from the 'inference-sh/skills' repository, which involves downloading code from an external registry.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata