ai-video-generation

Fail

Audited by Snyk on Feb 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The bundle contains an instruction to curl a remote shell script from an unverified domain and pipe it to the shell (curl -fsSL https://cli.inference.sh | sh), plus numerous ambiguous media/download links hosted on the same little-known domain. This is a high-risk pattern for distributing malware, even though many of the links are just docs/media.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill accepts and processes arbitrary external URLs (e.g., "image_url", "audio_url", "video_url", and the "videos" array in the infsh app run examples), so the agent fetches untrusted third-party content from the open web and reads/interprets that media, enabling indirect prompt injection.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 01:31 AM