seo-content-brief

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs are suspicious because the skill instructs piping a remote shell script (curl https://cli.inference.sh | sh) from an unverified domain (inference.sh/cli.inference.sh) — a high-risk pattern for malware distribution — and the other example domains (top-result-1/2.com) are generic/unknown placeholders that could host malicious content or redirects.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to run web searches and extract/analyze top-ranking public URLs (e.g., the infsh commands like "infsh app run tavily/search-assistant" and "infsh app run tavily/extract" with "urls": ["https://top-result-1.com/article", ...]), which fetches and ingests untrusted public web content for SERP and competitor analysis.