infsh-cli
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to install the vendor's CLI tool using a shell pipe pattern:
curl -fsSL https://cli.inference.sh | sh. This is a vendor-provided installation script. The documentation also describes manual installation steps involving checksum verification (SHA-256) and signature verification ifcosignis present, which follows security best practices. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to run thebeltcommand-line utility. These commands are used to interact with the inference.sh API for tasks such as app discovery, model execution, and task management. It also includes instructions for setting up shell completions which may require write access to system directories. - [DATA_EXFILTRATION]: The CLI is designed to upload local files (e.g., images, audio, video) to the vendor's cloud servers for processing by AI models. This behavior is the intended primary function of the skill and is explicitly documented for the user.
- [EXTERNAL_DOWNLOADS]: The installation process and the CLI tool itself download binaries and metadata from the vendor's domains (
cli.inference.sh,dist.inference.sh). These are recognized as vendor-owned resources. - [PROMPT_INJECTION]: The skill processes untrusted input data via the
--inputflag. - Ingestion points: User-provided JSON files or strings in
running-apps.md. - Boundary markers: Absent.
- Capability inventory: Subprocess calls via the
Bashtool to runbeltcommands inSKILL.md. - Sanitization: Absent.
Audit Metadata