content-repurposing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an unknown third‑party domain offering a remote installer (the README uses "curl ... | sh"), which is a high‑risk pattern because it executes arbitrary remote code from an unverified source and could be used to distribute malware.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh" which fetches and immediately executes remote shell code from https://cli.inference.sh as a required CLI dependency, so the URL directly controls code executed at runtime.