Flux Image

The SKILL.md file contains a prompt injection vulnerability. The 'Quick Start' section instructs the AI agent to execute `curl -fsSL https://cli.inference.sh | sh`. This command downloads and executes a remote shell script, which is a significant remote code execution (RCE) risk. This instruction falls outside the explicitly defined `allowed-tools: Bash(infsh *)`, indicating that the agent is being prompted to perform an action beyond its authorized scope. While the stated purpose is installation, the method introduces a severe vulnerability.