newsletter-curation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). The presence of a remote install script (curl https://cli.inference.sh | sh) that downloads platform binaries from a distribution subdomain (dist.inference.sh) is a high-risk pattern—while a checksums.txt is provided, there’s no evidence of stronger signatures (e.g., GPG) and piping an unreviewed script to sh plus direct binary downloads from a non-obvious domain can be used to distribute malware if the site or TLS is compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Content Sourcing" section explicitly directs running infsh apps (e.g., tavily/search-assistant, exa/search) with queries including site:reddit.com and references to Twitter/LinkedIn/Reddit/forums, so the agent is expected to fetch and interpret untrusted public social and web content as part of its workflow—which can materially influence curation and follow-up actions like social posts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Quick Start instructs users to run curl -fsSL https://cli.inference.sh | sh which fetches and executes remote install code (and then downloads binaries from dist.inference.sh) and the CLI is a required runtime dependency for the provided infsh commands, so this external URL executes remote code at setup/runtime.