newsletter-curation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs host an installer flow that instructs piping a remote shell script (curl | sh) and fetching binaries from the same domain — a high‑risk distribution pattern because checksums served from the same domain do not provide independent verification and give an attacker an easy way to deliver malicious binaries.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Content Sourcing" section explicitly directs running infsh apps (e.g., tavily/search-assistant, exa/search) with queries including site:reddit.com and references to Twitter/LinkedIn/Reddit/forums, so the agent is expected to fetch and interpret untrusted public social and web content as part of its workflow—which can materially influence curation and follow-up actions like social posts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Quick Start instructs users to run curl -fsSL https://cli.inference.sh | sh which fetches and executes remote install code (and then downloads binaries from dist.inference.sh) and the CLI is a required runtime dependency for the provided infsh commands, so this external URL executes remote code at setup/runtime.