
infsh-cli

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The primary installation method for the CLI tool involves piping a remote script directly into the shell: curl -fsSL https://cli.inference.sh | sh. This pattern is highly susceptible to Man-In-The-Middle (MITM) attacks or supply chain compromises. While a manual verification method is documented as an alternative, the default recommendation is unsafe.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binary executables and manifests from remote domains: cli.inference.sh and dist.inference.sh. Although these are vendor-owned resources, the automated retrieval and execution of external binaries constitute a security risk.
  • [DATA_EXFILTRATION]: The infsh tool provides a 'Local File Uploads' feature that automatically uploads files when a local path is provided in the input (e.g., infsh app run ... --input '/path/to/photo.jpg'). This capability creates a risk of accidental or malicious exfiltration of sensitive files (such as .env files, SSH keys, or cloud credentials) to the vendor's cloud infrastructure if the agent is tricked into processing a path to an unintended file.
  • [COMMAND_EXECUTION]: The skill instructions include commands that write to system-wide configuration directories, such as /etc/bash_completion.d/infsh. This typically requires elevated (root) privileges and can be used to achieve persistence or modify shell behavior for all users on the system.
  • [CREDENTIALS_UNSAFE]: The documentation encourages the use of INFSH_API_KEY as an environment variable for authentication. While no specific keys are hardcoded in the skill files, the practice of handling long-lived API keys in environment variables requires careful management to prevent exposure in logs or process lists.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 05:17 PM
Security Audit — agent-trust-hub — infsh-cli