image-to-video

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). The prompt directs users to curl and pipe a remote shell script from an unverified domain (https://cli.inference.sh) into sh—an inherently high-risk distribution pattern for malware even if the domain is legitimate—so this represents a suspicious download source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start uses a runtime "curl -fsSL https://cli.inference.sh | sh" which fetches and immediately executes remote code from https://cli.inference.sh and is presented as a required dependency for the skill.