image-upscaling

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a Quick Start command curl -fsSL https://cli.inference.sh | sh which executes a remote script without verification. Automated scans confirmed this as a critical risk pattern.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on tools hosted at inference.sh, which is not a verified trusted source, increasing the risk of supply chain attacks.
  • [COMMAND_EXECUTION] (LOW): The skill suggests using npx to install additional components, which involves downloading and executing packages from the npm registry.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface where it ingests data from tool outputs (e.g., image.json) and interpolates it into shell commands for subsequent steps without boundary markers or sanitization (Category 8).
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 18, 2026, 10:53 AM