web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes a remote "curl | sh" installer (cli.inference.sh) and a binary distribution host (dist.inference.sh) with only plaintext checksums referenced—an installation pattern that can be used to distribute malware if the domain or files are compromised (while doc/blog/image/example.com links are lower risk, the installer/binary endpoints make this a suspicious download source).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs web search and content extraction from arbitrary public URLs via inference.sh (e.g., the tavily/extract "urls" and exa/extract "url" examples and the "Search the web" / tavily/search-assistant commands), so the agent will ingest untrusted third‑party web content.