infsh-cli
Fail
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions direct the installation of a CLI tool by piping a remote script directly into the shell using the command
curl -fsSL https://cli.inference.sh | sh. This execution method allows for arbitrary command execution from an external server without prior verification. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of binary files from
dist.inference.shduring the installation and update processes. Although a manual verification path is provided as an alternative, the default recommendation is to run unverified remote code. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executebeltCLI commands. These commands interact with external AI services, perform network operations, and access local files when provided as input. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data (user-defined prompts and local files) for processing by remote AI models. Ingestion points:
--inputparameters and local file paths used inbelt app run. Boundary markers: None. Capability inventory: Bash execution ofbeltcommands with network communication and file access. Sanitization: None detected in instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata