ai-video-generation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes a third‑party domain (inference.sh) offering a remote install script (curl ... | sh) and direct binary/script downloads (dist/inference.sh, cli.inference.sh), which are high‑risk patterns for malware distribution unless you verify signatures/checksums and the vendor reputation; media and doc links are lower risk but some entries are malformed placeholders, increasing suspicion.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Quick Start asks users to run a remote installer via curl -fsSL https://cli.inference.sh | sh (which downloads binaries from dist.inference.sh), meaning the skill requires fetching and executing remote code at runtime from https://cli.inference.sh and https://dist.inference.sh.