product-changelog

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Potentially suspicious: they instruct piping a remote installer (https://cli.inference.sh | sh) and downloading binaries from an unfamiliar domain (dist.inference.sh) with only plaintext checksums (no signature), which is a common malware distribution pattern; the your-app.com link is likely benign but not relevant.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Generating Visuals" section instructs running infsh app run infsh/agent-browser with a "url" (e.g., "https://your-app.com/new-feature"), which has the agent fetch/browse arbitrary external webpages (untrusted third-party content) that it would read/use to produce visuals and could influence subsequent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and executes a remote install script from https://cli.inference.sh (and then downloads binaries from dist.inference.sh), making this an in-runtime fetch that executes remote code and is required to use the infsh CLI that controls prompt-based runs.