flux-image
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill instructs the user/agent to execute `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly dangerous: the script is fetched from a domain that is not on the trusted list and fed straight into `sh`, so nobody reads it before it runs and no checksum or signature is checked. A compromise of the source domain, of whatever serves it, or of the TLS session would hand an attacker full control of the host the agent runs on.
- [External Downloads] (MEDIUM): The skill uses `npx skills add` to fetch and install additional logic from `inference-sh/skills`. Since `inference-sh` is not on the list of Trusted GitHub Organizations, these dependencies are unverifiable and represent a supply-chain risk.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user data (image prompts) and interpolates it into bash commands via `infsh app run`.
  - Ingestion points: the `SKILL.md` examples show user prompts being passed as arguments to the CLI.
  - Boundary markers: absent; there are no delimiters or instructions to the model to ignore instructions inside the JSON payload.
  - Capability inventory: access to the `Bash(infsh *)` tool.
  - Sanitization: absent; the skill does not appear to sanitize or escape the JSON input before passing it to the external tool. Because the prompt lands inside a shell command string, quotes and other shell metacharacters in it are parsed by the shell, not only read by the model.
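To make the missing-sanitization point concrete, here is an added example (not the audit's text and not the skill's own code). `fake_infsh` is a constructed stand-in for `infsh app run` that only prints the arguments it receives; `run_unsafe` splices the prompt into a command string the way the audited skill does, `run_safe` passes it as a single argv element, and `shell_quote` is one escaping routine that makes the string-building form safe. The prompt `payload` is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the skill's code. `fake_infsh` is a constructed stand-in for
# `infsh app run`: it prints each argument it received on its own line so the
# effect of shell parsing on the prompt is visible.
fake_infsh() {
    printf '%s\n' "$@"
}

# Vulnerable pattern: the prompt is spliced into a command string that the shell
# then parses. A single quote inside the prompt closes the argument, and whatever
# follows runs as its own command (eval plays the role of the agent's Bash tool).
run_unsafe() {
    prompt="$1"
    eval "fake_infsh app run --prompt '$prompt'"
}

# Fixed pattern: the prompt is passed as one argv element. The shell never parses
# its contents, so metacharacters reach the CLI literally.
run_safe() {
    fake_infsh app run --prompt "$1"
}

# If the command must be built as text (an agent emitting a Bash call), wrap the
# prompt in single quotes and turn each embedded ' into '\'' first.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

run_quoted() {
    eval "fake_infsh app run --prompt $(shell_quote "$1")"
}

# Constructed hostile prompt: closes the quote and appends a command.
payload="a sunset over the sea'; echo INJECTED; echo '"

echo "--- unsafe (INJECTED appears as its own line) ---"; run_unsafe "$payload"
echo "--- safe (prompt arrives as one literal argument) ---"; run_safe "$payload"
echo "--- quoted (same result as safe) ---"; run_quoted "$payload"
```

The same split applies whether the caller is a human, a shell script, or the model's `Bash(infsh *)` tool: anything that hands the prompt to a shell as part of a string needs `shell_quote` (or equivalent), while invoking the CLI with an argument vector needs nothing.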
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review of the downloaded script.
- AI analysis detected serious security threats.
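The review called for above is only possible if the installer is written to disk first. The following POSIX shell functions are an added example, not the audit's or inference.sh's own tooling: download with curl to a file, read it, record its SHA-256 once reviewed, and execute it only while the digest still matches. The URL is the one named in the audit; the digest to pin is whatever you computed after your own review (the usage lines show a placeholder).

```shell
#!/bin/sh
# Added example, not the audit's or inference.sh's own tooling. Replaces
# `curl -fsSL https://cli.inference.sh | sh` with download, review, pin, run.

# SHA-256 of a file, portable across coreutils (sha256sum) and BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Step 1: download to disk, never into a shell. HTTPS only, including after a
# redirect, so the download cannot be downgraded to plaintext.
fetch_installer() {
    curl -fsSL --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$2" "$1"
}

# Step 2 happens outside this script: read the file (and diff it against any
# previous copy), then record its digest with sha256_of.

# Step 3: succeed only if the on-disk file still has the digest you reviewed.
verify_installer() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Step 4: execute only a verified file, so a later change on the server or a
# swapped download cannot run unreviewed code.
run_verified() {
    if verify_installer "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: SHA-256 does not match the reviewed digest" >&2
        return 1
    fi
}

# Usage (the digest is a placeholder; pin the value you computed after review):
#   fetch_installer https://cli.inference.sh ./inference-install.sh
#   sha256_of ./inference-install.sh
#   run_verified ./inference-install.sh <reviewed-digest>
```

Pinning the digest turns a one-time review into a repeatable check: if the file served at the URL changes, `run_verified` refuses and the new version has to be reviewed again before it runs.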