ai-podcast-creation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links point to a non‑well‑known domain that instructs users to curl | sh and download native binaries from dist.inference.sh (with checksums hosted on the same domain), which is inherently risky because remote install scripts and same‑domain checksums are not independently verifiable and could be used to distribute malware.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs users to run "curl -fsSL https://cli.inference.sh | sh" (which fetches and executes remote code from https://cli.inference.sh, and the installer pulls binaries from dist.inference.sh), so this URL is a runtime external dependency that executes remote code required to use the skill.