inference-sh-cli
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill repeatedly instructs the user/agent to install the CLI tool using the pattern
curl -fsSL https://cli.inference.sh | sh. Executing remote scripts by piping them directly into a shell is a dangerous practice that can lead to arbitrary code execution if the source or connection is compromised.\n- [DATA_EXFILTRATION]: The skill documentation describes the ability to upload local files to the remote inference.sh platform (e.g., for image/video processing). This capability creates a significant risk of data exfiltration, as an agent could be instructed to upload sensitive local files such as credentials, configuration files, or private keys.\n- [COMMAND_EXECUTION]: The skill is designed to use the terminal tool to execute shell commands. This grants the agent a high degree of autonomy over the local environment, which increases the impact of other vulnerabilities such as argument injection or malicious tool output.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: The agent processes JSON output from theinfshcommand-line tool, which fetches data from an external API. Boundary markers: No delimiters or boundary markers are defined in the instructions to distinguish external data from agent instructions. Capability inventory: The agent has access to the terminal tool for command execution and file operations. Sanitization: The skill does not describe any validation or escaping mechanisms for content retrieved from the remote service before it is interpreted by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata