competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The presence of a remote installer script (https://cli.inference.sh) intended to be piped directly to sh plus a distribution subdomain (dist.inference.sh) hosting checksums/binaries are high-risk indicators (remote executable delivery and automatic execution); checksums hosted on the same domain do not fully mitigate supply-chain risk — the competitor.com pages are normal content but not the risky items.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public websites and user-generated sources (e.g., infsh/agent-browser screenshots of competitor.com and competitor.com/pricing, tavily/extract on pricing pages, and search commands targeting G2, Capterra, Reddit, Product Hunt) and to use that content to drive analyses (reviews, SWOT, pricing, positioning), which exposes the agent to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs running a runtime install command that fetches and executes remote code ("curl -fsSL https://cli.inference.sh | sh") and pulls binaries from https://dist.inference.sh, which the skill then relies on to run infsh apps that execute remote agents — so these URLs directly enable remote code execution and control the agent runtime.