customer-persona

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These domains host a remote shell installer (the prompt includes "curl … | sh"), and executing or auto-downloading .sh installers from a non-standard/unverified domain is a high-risk vector for malware even if the site may be legitimate.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md research steps explicitly instruct running infsh apps like tavily/search-assistant and exa/search/exa/answer to fetch web/search results (open/public third‑party content) as part of persona research, meaning the agent will ingest and act on untrusted web content that could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running curl -fsSL https://cli.inference.sh | sh which downloads and immediately executes remote code from https://cli.inference.sh as a required CLI dependency for the skill, creating a high-risk runtime external dependency.