
flux-image

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill instructs the user/agent to execute curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it downloads a script from a non-trusted domain and executes it immediately without verification. Any compromise of the source domain or the network transit could result in full system compromise.
  • [External Downloads] (MEDIUM): The skill utilizes npx skills add to fetch and install additional logic from inference-sh/skills. Since inference-sh is not on the list of Trusted GitHub Organizations, these dependencies are unverifiable and represent a supply-chain risk.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted user data (image prompts) and interpolates them into bash commands via infsh app run.
      ◦ Ingestion points: SKILL.md examples show user prompts being passed as arguments to the CLI.
      ◦ Boundary markers: Absent; there are no delimiters or instructions to the model to ignore instructions inside the JSON payload.
      ◦ Capability inventory: Access to Bash(infsh *) tool.
      ◦ Sanitization: Absent; the skill does not appear to sanitize or escape the JSON input before passing it to the external tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 10:53 AM
Security Audit — agent-trust-hub — flux-image