competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the presence of a curl | sh installer (https://cli.inference.sh | sh) and a dist.* host serving binaries/checksums (dist.inference.sh/cli/checksums.txt) is a high‑risk pattern because it delivers and executes remote code/binaries from an untrusted domain (even if checksums are published); the competitor.com pages are ordinary site links but not the risky parts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public websites and user-generated sources (e.g., infsh/agent-browser screenshots of competitor.com and competitor.com/pricing, tavily/extract on pricing pages, and search commands targeting G2, Capterra, Reddit, Product Hunt) and to use that content to drive analyses (reviews, SWOT, pricing, positioning), which exposes the agent to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs running a runtime install command that fetches and executes remote code ("curl -fsSL https://cli.inference.sh | sh") and pulls binaries from https://dist.inference.sh, which the skill then relies on to run infsh apps that execute remote agents — so these URLs directly enable remote code execution and control the agent runtime.