p-image
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the "infsh" (Inference Shell) CLI tool to interact with the inference.sh platform. This is a standard and expected behavior for this type of skill.
- [PROMPT_INJECTION]: The skill processes user-provided prompts as input for AI models. While this represents a surface for indirect prompt injection, it is essential for the skill's primary purpose and uses structured JSON for parameter passing.
- Ingestion points: Untrusted data enters via the "--input" flag in shell commands within SKILL.md.
- Boundary markers: The prompt content is encapsulated within a JSON object string.
- Capability inventory: Shell execution of the "infsh" binary (SKILL.md).
- Sanitization: No explicit sanitization is performed in the markdown; the skill relies on the destination platform's safety protocols.
Audit Metadata