ai-social-media-content

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an untrusted custom domain that instructs users to curl a remote shell script and pipe it to sh (cli.inference.sh), plus cloud-hosted files and a suspicious placeholder avatar URL — collectively enabling arbitrary code execution or malware delivery, so they are high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts and passes arbitrary external URLs (e.g., the image_url/audio_url in the bytedance/omnihuman call and media_url in the twitter/post-tweet examples) that will be fetched and consumed by runtime models, exposing the agent to untrusted, user-provided web content that could carry indirect prompt-injection payloads.