product-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Generating Visuals" section instructs running infsh app run infsh/agent-browser with a "url" (e.g., "https://your-app.com/new-feature"), which has the agent fetch/browse arbitrary external webpages (untrusted third-party content) that it would read/use to produce visuals and could influence subsequent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and executes a remote install script from https://cli.inference.sh (and then downloads binaries from dist.inference.sh), making this an in-runtime fetch that executes remote code and is required to use the infsh CLI that controls prompt-based runs.