building-inferencesh-apps
Fail
Audited by Snyk on Mar 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The docs and GitHub repo appear to be normal documentation/repository resources, but the install instruction uses a direct "curl ... | sh" from cli.inference.sh (a remote shell script execution) which is a common high-risk vector for malware, so the overall risk is elevated.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly shows runtime downloading/ingesting of untrusted third-party content — e.g., references/node-app-logic.md demonstrates using File.from(inputData.imageUrl) which "downloads and caches URLs", and references/python-patterns.md shows snapshot_download(...) from the public HuggingFace hub — meaning arbitrary external content is fetched and can influence app behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes multiple install commands that fetch-and-execute remote scripts (e.g., curl -fsSL https://cli.inference.sh | sh, curl -LsSf https://astral.sh/uv/install.sh | sh and its PowerShell variant https://astral.sh/uv/install.ps1 | iex, curl -fsSL https://fnm.vercel.app/install | bash, and curl ...raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash), which are runtime setup steps that download and execute remote code and are presented as required prerequisites, creating a high-confidence remote code execution risk.
Issues (3)
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).