twitter-thread-creation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a self-hosted CLI installer (curl https://cli.inference.sh | sh) and binaries served from dist.inference.sh with only a plain checksums.txt — executing remote shell scripts and installing unsigned/self-hosted binaries is inherently risky and could distribute malware if the domain or distribution is compromised (example.com/pricing is just a benign placeholder).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows running infsh/agent-browser with arbitrary URLs (e.g., the "Generate screenshots for evidence" example using "https://example.com/pricing") and a web search command (tavily/search-assistant) under "Repurposing to Thread", so the agent is instructed to fetch and ingest public web content/search results which can directly influence thread content and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs executing remote install code via "curl -fsSL https://cli.inference.sh | sh" (which downloads binaries from dist.inference.sh and runs them), and the skill depends on that infsh CLI at runtime to run remote apps/commands, so the https://cli.inference.sh (and associated dist.inference.sh) fetches and executes remote code the skill requires.