pitch-deck-visuals

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs are suspicious because the skill instructs piping and executing a remote shell script (curl https://cli.inference.sh | sh) from an unrecognized domain (inference.sh / cli.inference.sh), which permits arbitrary code execution and is a common malware distribution vector despite using HTTPS.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and executes remote code ("curl -fsSL https://cli.inference.sh | sh"), which is a required dependency for the subsequent infsh commands—so https://cli.inference.sh is a runtime external dependency that executes remote code.