python-executor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most links are documentation or benign assets, but the skill explicitly tells users to run "curl -fsSL https://cli.inference.sh | sh" (downloading and piping a remote shell script to execute), which is a high‑risk pattern because a remote .sh installer from a not‑widely‑known domain can deliver malware or perform arbitrary actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows web-scraping and API examples (e.g., requests.get("https://example.com")) and lists pre-installed libraries like requests, BeautifulSoup, selenium, and playwright, so agent-provided Python code can fetch and parse arbitrary public web pages/APIs and use that untrusted content to drive decisions or actions at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start includes a direct remote-execution command "curl -fsSL https://cli.inference.sh | sh" which fetches and runs an installer from https://cli.inference.sh (executing remote code) and is presented as the required CLI dependency to run the skill.