Skills
skills/inference-sh-skills/skills/infsh-cli/Gen Agent Trust Hub

infsh-cli

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references an installation script hosted at https://cli.inference.sh. This is the official domain for the vendor's command-line interface.
  • [REMOTE_CODE_EXECUTION]: The installation instructions utilize a pattern of piping a remote script directly to the shell (curl | sh). While this is a sensitive operation, it is the vendor's documented method for tool deployment from their own infrastructure.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute belt commands for interacting with the inference.sh API, managing AI tasks, and querying model availability. The skill's configuration appropriately restricts the Bash tool to only allow belt commands.
  • [DATA_EXFILTRATION]: The CLI tool includes a feature to automatically upload local files (such as images, video, and audio) to the vendor's cloud infrastructure for processing. This behavior is documented as the primary mechanism for media-related AI workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 06:43 AM
Security Audit — agent-trust-hub — infsh-cli