app-store-screenshots

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs host a third‑party installer that suggests running a remote script via curl|sh and downloads platform binaries plus checksums from the same non‑well‑known domain—behavior that can be legitimate but is higher risk because the remotely executed script and co‑hosted checksums allow distribution of arbitrary/malicious binaries if the domain or transport is compromised.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running remote code via "curl -fsSL https://cli.inference.sh | sh" (which downloads binaries from dist.inference.sh), so the skill requires and executes external code from https://cli.inference.sh (and dist.inference.sh) as a runtime/install dependency.