product-changelog

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs host a cohesive set of subdomains under inference.sh that offer a remote install script (curl | sh) and downloadable binaries with checksums, which is potentially risky because piping a remote shell script is unsafe and checksums hosted on the same domain do not provide independent verification unless you trust/verify the publisher out‑of‑band.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Generating Visuals" section instructs running infsh app run infsh/agent-browser with a "url" (e.g., "https://your-app.com/new-feature"), which has the agent fetch/browse arbitrary external webpages (untrusted third-party content) that it would read/use to produce visuals and could influence subsequent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and executes a remote install script from https://cli.inference.sh (and then downloads binaries from dist.inference.sh), making this an in-runtime fetch that executes remote code and is required to use the infsh CLI that controls prompt-based runs.