infer-upgrade

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly runs and echoes the first line of a user config file (cat ~/.infer/config.json into MCP_CONFIG), which will expose whatever is in that file — including API keys or tokens — as verbatim output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's update workflow explicitly fetches code and metadata from public third‑party sources—npm (npm view / npx @inferevents/mcp@latest) and GitHub via "npx skills add infer-events/skills" in Step 3c—thereby installing/running untrusted public content that can alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs and installs third‑party packages at runtime (e.g., npx @inferevents/mcp@latest, npx skills add infer-events/skills, and npm install @inferevents/sdk@latest), which fetches and executes remote code and can therefore directly control agent behavior.