infsh-cli
Fail
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions recommend installing the CLI using the command
curl -fsSL https://cli.inference.sh | sh. This pattern, which pipes a remote script directly into a shell, allows for the execution of arbitrary code from a remote source that is not on a pre-defined trusted list. - [EXTERNAL_DOWNLOADS]: The installation process (both automated and manual) involves downloading binary executables and manifests from
dist.inference.sh. While the instructions mention checksum and signature verification, the process relies on fetching and executing remote content. - [COMMAND_EXECUTION]: The skill utilizes the
beltCLI tool to perform various operations. The agent is granted the capability to run these commands, which include managing authentication, searching for apps, and executing cloud-based tasks. - [DATA_EXFILTRATION]: The
beltCLI includes functionality for automatic local file uploads. When a user provides a local file path as an input argument to an app command, the tool reads that file from the local file system and uploads it to the inference.sh cloud infrastructure to process the request.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata