building-inferencesh-apps
Warn
Audited by Snyk on Mar 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs apps to download and process arbitrary external URLs (e.g., references/node-app-logic.md shows File.from(inputData.imageUrl) which "downloads and caches URLs", and the Python file-handling notes show inputs are "auto-downloaded"), so untrusted third-party content can be ingested and materially influence app behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The documentation includes multiple piped installer commands that fetch-and-execute remote scripts during setup—examples: https://cli.inference.sh (curl -fsSL https://cli.inference.sh | sh), https://astral.sh/uv/install.sh and https://astral.sh/uv/install.ps1 (curl ... | sh and irm ... | iex), https://fnm.vercel.app/install (curl -fsSL ... | bash), and https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh (curl -o- ... | bash)—which clearly download and execute remote code as required prerequisites.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata