ai-automation-workflows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The presence of an unknown domain serving a shell installer (curl -fsSL https://cli.inference.sh | sh), a webhook endpoint that could be used for exfiltration (https://your-webhook.com/alert), and a direct file-hosting URL (cloud.inference.sh/…jpeg) together create a high-risk pattern for remote code execution, covert data leak, or malicious payload delivery even if the domains might be legitimate.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Sequential Pipeline (Pattern 2, "Research" step) calls infsh app run tavily/search-assistant to fetch web research and then injects the returned $RESEARCH directly into subsequent model prompts to generate an article, meaning untrusted public web content is read and can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start includes a runtime command that pipes remote shell code into sh—"curl -fsSL https://cli.inference.sh | sh"—which fetches and executes code from https://cli.inference.sh and the skill depends on the resulting inference.sh CLI, so this is a direct remote-execution dependency.