competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the skill instructs piping a remote installer (curl https://cli.inference.sh | sh) and fetching binaries from an untrusted domain (dist.inference.sh), which is high-risk because executing remote shell scripts or downloading executables from an unverified/unknown domain can deliver malware even if a checksums.txt is provided; the competitor.com pages themselves are benign but do not reduce the risk of the installer flow.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public websites and user-generated sources (e.g., infsh/agent-browser screenshots of competitor.com and competitor.com/pricing, tavily/extract on pricing pages, and search commands targeting G2, Capterra, Reddit, Product Hunt) and to use that content to drive analyses (reviews, SWOT, pricing, positioning), which exposes the agent to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs running a runtime install command that fetches and executes remote code ("curl -fsSL https://cli.inference.sh | sh") and pulls binaries from https://dist.inference.sh, which the skill then relies on to run infsh apps that execute remote agents — so these URLs directly enable remote code execution and control the agent runtime.