llm-models

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). The inference.sh URLs point to an unfamiliar third‑party domain that offers a curl|sh installer (cli.inference.sh) and direct binary distribution (dist.inference.sh) — a common and potentially dangerous pattern for distributing executables even if docs and checksums exist, so it should be treated as medium–high risk unless you can verify the publisher and checksum integrity out of band.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Quick Start runs curl -fsSL https://cli.inference.sh | sh which fetches and executes remote installer code (and downloads binaries from dist.inference.sh) at runtime, making https://cli.inference.sh a required external dependency that executes remote code.