image-upscaling
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a Quick Start command
curl -fsSL https://cli.inference.sh | shwhich executes a remote script without verification. Automated scans confirmed this as a critical risk pattern. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on tools hosted at
inference.sh, which is not a verified trusted source, increasing the risk of supply chain attacks. - [COMMAND_EXECUTION] (LOW): The skill suggests using
npxto install additional components, which involves downloading and executing packages from the npm registry. - [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface where it ingests data from tool outputs (e.g., image.json) and interpolates it into shell commands for subsequent steps without boundary markers or sanitization (Category 8).
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata