case-study-writing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a domain serving an installer script (used with "curl | sh") from an unverified source — a high-risk pattern because it executes remote code without signature verification and could be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and research open web content via inference.sh commands (e.g., "infsh app run tavily/search-assistant", "exa/search", "exa/answer") to gather industry benchmarks and competitor information from public sources, which are untrusted third‑party/user‑generated content the agent would read and interpret.