web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The set contains an explicit instruction to download-and-execute a remote shell script (curl https://cli.inference.sh | sh) and references nonstandard hosting (cloud.inference.sh file links), a high-risk pattern for delivering malware even if other docs/links appear benign.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly shows running tavily/extract and exa/extract on arbitrary URLs (e.g., the "Tavily Extract" and "Exa Extract" examples and the "Workflow: Extract + Summarize" steps) which fetch and feed open/public web content into downstream LLM workflows, exposing the agent to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs users to run "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes remote shell code from https://cli.inference.sh at runtime and is required to install/run the infsh CLI used by the skill.