python-executor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Most links are documentation and static assets for inference.sh (and benign endpoints like api.github.com/example.com), but the presence of a direct shell installer URL (https://cli.inference.sh) and an explicit "curl ... | sh" install instruction makes this a high-risk download vector because executing a remote .sh from a third‑party domain can run arbitrary, potentially malicious code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to arbitrary open-web content via its web-scraping and HTTP capabilities (preinstalled libraries like requests, BeautifulSoup, selenium, playwright, scrapy and the "Web Scraping" example using requests.get("https://example.com")), so the agent can fetch and parse untrusted public/user-generated pages as part of its workflow.