inference-sh-cli

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill repeatedly instructs the user/agent to install the CLI tool using the pattern curl -fsSL https://cli.inference.sh | sh. Executing remote scripts by piping them directly into a shell is a dangerous practice that can lead to arbitrary code execution if the source or connection is compromised.\n- [DATA_EXFILTRATION]: The skill documentation describes the ability to upload local files to the remote inference.sh platform (e.g., for image/video processing). This capability creates a significant risk of data exfiltration, as an agent could be instructed to upload sensitive local files such as credentials, configuration files, or private keys.\n- [COMMAND_EXECUTION]: The skill is designed to use the terminal tool to execute shell commands. This grants the agent a high degree of autonomy over the local environment, which increases the impact of other vulnerabilities such as argument injection or malicious tool output.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: The agent processes JSON output from the infsh command-line tool, which fetches data from an external API. Boundary markers: No delimiters or boundary markers are defined in the instructions to distinguish external data from agent instructions. Capability inventory: The agent has access to the terminal tool for command execution and file operations. Sanitization: The skill does not describe any validation or escaping mechanisms for content retrieved from the remote service before it is interpreted by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — inference-sh-cli