agent-tools

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most links are documentation pages and an image on a single inference.sh domain (not obviously typosquatting), but the instructions to run a remote installer via "curl https://cli.inference.sh | sh" represent a direct .sh download-and-execute pattern which is a high-risk distribution vector if the site or account is compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly shows running web-search apps (e.g., "infsh app run tavily/search-assistant" in Quick Examples and the "What's Available" / references/app-discovery.md listing Tavily/Exa search) and includes Twitter/X automation, so the agent can fetch and must read public web and social content (untrusted, user-generated) that could influence subsequent actions.