video-ad-specs

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The skill instructs piping a shell script from cli.inference.sh (and the inference.sh domain) directly into sh (curl | sh), which is executing a remote installer from an unverified domain — a common and high-risk malware distribution pattern.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill’s Quick Start runs a runtime command that downloads and pipes a remote installer to the shell—curl -fsSL https://cli.inference.sh | sh—which executes remote code and is required to obtain the infsh CLI used to run and control the prompt-driven apps.