competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the prompt instructs piping a remote installer from an untrusted domain (https://cli.inference.sh) directly into sh, which is a high‑risk remote code execution pattern that can distribute malware; the competitor.com pages are ordinary web pages but do not mitigate the risk from the CLI download.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and scrape public competitor sites and user-generated review sources (e.g., infsh/agent-browser screenshots of https://competitor.com, tavily/extract of pricing pages, and review mining from G2/Capterra/Reddit), so the agent will ingest untrusted third‑party content that could contain instructions influencing its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running curl -fsSL https://cli.inference.sh | sh which downloads and executes remote code (and is required to run the infsh apps the skill uses), so the URL https://cli.inference.sh is a runtime dependency that executes remote code.