nano-banana
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs users to install the CLI tool using `curl -fsSL https://cli.inference.sh | sh`. This is a remote code execution pattern where a script is fetched from a remote server and piped directly into the shell. While it originates from the vendor's domain, this method circumvents traditional package security checks and allows the remote script to execute arbitrary commands.
- [EXTERNAL_DOWNLOADS]: The skill relies on external resources, including binaries downloaded from `dist.inference.sh` and configuration/images from `cloud.inference.sh`. It also suggests adding further skills via `npx`, which involves downloading and executing Node.js packages at runtime.
- [COMMAND_EXECUTION]: The skill requires access to the `Bash` tool with a specific permission for the `infsh` command. It uses this tool to execute system-level commands that interact with the inference platform.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Evidence:
  1. Ingestion point: User-provided prompts and image URLs are processed by the skill in `SKILL.md`.
  2. Boundary markers: Input is structured as JSON, but there are no explicit delimiters or instructions to the agent to ignore instructions embedded in the user data.
  3. Capability inventory: The skill uses the `Bash(infsh *)` tool which allows for external network operations and data processing.
  4. Sanitization: No sanitization or shell-escaping logic is visible in the prompt templates, creating a risk that malicious user input could manipulate the command execution flow.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review