product-hunt-launch

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an unknown third‑party domain and the prompt instructs curl | sh from https://cli.inference.sh, which is a direct download-and-execute of an unsigned shell installer from an untrusted source and therefore suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to run infsh apps that perform web searches and research (e.g., "infsh app run tavily/search-assistant" and "exa/search") to fetch Product Hunt launches and community sentiment from public web sources, which are untrusted user-generated content the agent would read and interpret.