infsh-cli
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions for the 'belt' CLI recommend downloading a script from a remote URL (
https://cli.inference.sh) and piping it directly into a shell (| sh). This pattern executes arbitrary code from a remote source on the local system. - [DATA_EXFILTRATION]: The CLI tool is configured to automatically upload local files to the vendor's infrastructure (
inference.sh) whenever a local file path is provided in the input JSON for an app execution (e.g.,belt app run). This results in local data being sent to remote servers as part of the primary tool functionality. - [EXTERNAL_DOWNLOADS]: The skill's installation process and manual setup guides fetch binaries, manifests, and checksums from
dist.inference.sh. The vendor provides SHA-256 checksums and Sigstore signatures for verification of these downloads. - [COMMAND_EXECUTION]: The skill defines
Bash(belt *)as an allowed tool, enabling the agent to execute any sub-command of thebeltCLI on the host system to perform tasks like running AI models, authenticating, and managing cloud tasks. - [PERSISTENCE_MECHANISMS]: The CLI reference provides instructions for setting up shell completions by writing to system directories such as
/etc/bash_completion.d/or shell-specific configuration paths.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata