skills/skills-shell/skills/infsh-cli/Gen Agent Trust Hub

infsh-cli

Fail

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions direct the installation of a CLI tool by piping a remote script directly into the shell using the command curl -fsSL https://cli.inference.sh | sh. This execution method allows for arbitrary command execution from an external server without prior verification.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of binary files from dist.inference.sh during the installation and update processes. Although a manual verification path is provided as an alternative, the default recommendation is to run unverified remote code.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute belt CLI commands. These commands interact with external AI services, perform network operations, and access local files when provided as input.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data (user-defined prompts and local files) for processing by remote AI models. Ingestion points: --input parameters and local file paths used in belt app run. Boundary markers: None. Capability inventory: Bash execution of belt commands with network communication and file access. Sanitization: None detected in instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 10, 2026, 07:03 PM