linkedin-content

Fail

Audited by Snyk on Feb 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These URLs host a private .sh installer that instructs users to run curl | sh and download binaries from the same small domain (with checksums also hosted there). This is an unsafe distribution pattern for executables from an unverified vendor and is therefore suspicious unless independently verified (PGP-signed releases, reputable repo, or known vendor identity).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The Quick Start explicitly shows running "infsh app run tavily/search-assistant" with a query for "LinkedIn viral post examples 2024," which indicates the agent will fetch and read public, user-generated social media content (LinkedIn posts) and use that content to guide post-writing behavior, enabling indirect instruction influence.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh" which fetches and executes a remote install script (and downloads binaries from https://dist.inference.sh) at runtime and is a required dependency for the infsh commands described.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 08:04 PM