background-removal
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permission to run
infshcommands via the Bash tool. This is the primary method for performing background removal and image editing tasks. - [EXTERNAL_DOWNLOADS]: The instructions suggest using
npxto fetch and install additional skills from theinference-shorganization, which is the provider of the underlying infrastructure. - [DATA_EXFILTRATION]: User-provided images and prompts are sent to external cloud platforms (
inference.shandfal.ai) to perform inference. This behavior is necessary for the skill's intended functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted image URLs and natural language prompts in
SKILL.mdexamples. It lacks boundary markers or sanitization while having the capability to execute commands viaBashas seen inSKILL.md.
Audit Metadata