ai-automation-workflows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs include an unverified domain serving a shell installer (curl ... | sh from https://cli.inference.sh), direct-hosted files on a personal cloud subdomain, and a webhook endpoint—together forming a high-risk pattern for remote code execution, malware distribution, or data exfiltration if the sources are not trusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow's "Research" step calls RESEARCH=$(infsh app run tavily/search-assistant --input "{ "query": "$TOPIC latest developments" }"), which indicates it pulls open web/search results (untrusted third-party content) and then injects that content into subsequent model prompts (e.g., the article-writing step), exposing the agent to indirect prompt injection.