ai-avatar-video

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The links bundle an unattended remote install script (https://cli.inference.sh) and direct binary distribution (dist.inference.sh) from a single non‑widely‑known domain—patterns commonly abused to deliver malware—while other URLs are benign media/docs placeholders, so the overall package is high‑risk unless the domain and checksums are independently verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs running infsh apps with arbitrary external URLs (e.g., "image_url", "audio_url", "video_url" such as "https://portrait.jpg" or "https://video.mp4"), meaning the skill fetches and ingests open/public user-provided media (images/audio/video) that will be read/transcribed and used to drive downstream actions, enabling indirect prompt injection from untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README instructs users at runtime to run "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes remote shell code from https://cli.inference.sh (and then downloads binaries from dist.inference.sh), so the skill depends on and executes external code fetched at runtime.