web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs point to an unofficial third‑party CLI and associated distribution endpoints that instruct users to run a remote install script (curl ... | sh) and download binaries/checksums from the same non-major domain — a common supply‑chain/remote‑code‑execution vector unless you fully trust and independently verify the artifacts and signatures.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and extract content from arbitrary web URLs using apps like tavily/extract and exa/extract (see the "Tavily Extract" and "Exa Extract" examples and the "Workflow: Extract + Summarize" section), meaning untrusted third-party page content is ingested and then used as input to LLMs — enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes a remote shell script from https://cli.inference.sh (with binaries from dist.inference.sh) and is required to install/run the infsh CLI used by the skill.