dialogue-audio

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are a third‑party CLI installer and binary distribution (curl | sh to cli.inference.sh, binaries from dist.inference.sh) on a relatively unknown domain — executing remote install scripts and downloading executables from an unverified source is inherently risky even if checksums are provided unless you can independently verify the publisher and checksum integrity.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start includes an explicit "curl -fsSL https://cli.inference.sh | sh" which fetches and executes remote install code (and pulls binaries from dist.inference.sh) and the skill depends on that CLI to run, so this is a clear remote-code execution dependency.