infsh-cli
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill promotes an installation method using `curl -fsSL https://cli.inference.sh | sh` in `SKILL.md`, `references/authentication.md`, and `references/cli-reference.md`. This pattern downloads and executes a remote script directly in the shell without prior verification, posing a significant security risk.
- [EXTERNAL_DOWNLOADS]: The skill fetches binaries and configuration files from `cli.inference.sh` and `dist.inference.sh` during the installation and update processes.
- [DATA_EXFILTRATION]: The CLI automatically uploads local files to the `inference.sh` cloud when a file path is provided in the input JSON, which sends local data to third-party servers. This is documented as a core feature for AI processing in `SKILL.md` and `references/running-apps.md`.
- [COMMAND_EXECUTION]: The skill is authorized to use the `Bash` tool to execute `infsh` commands, which perform network operations and handle local file uploads.
- [CREDENTIALS_UNSAFE]: The documentation guides users to set an `INFSH_API_KEY` environment variable and explains that `infsh login` stores session credentials on the local filesystem, as described in `references/authentication.md`.
- [PROMPT_INJECTION]: The skill processes untrusted data from third-party AI apps and local files, creating a surface for indirect prompt injection.
  - Ingestion points: App input fields and local file uploads (`SKILL.md`).
  - Boundary markers: Absent.
  - Capability inventory: Subprocess calls via `infsh` commands (`SKILL.md`).
  - Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata