web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a third‑party service using a curl | sh installer that downloads binaries from a non-standard distribution domain (dist.inference.sh); although a checksum file is provided, piping remote install scripts and fetching executables from a single untrusted domain are common malware vectors and thus suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and extract content from arbitrary web URLs using apps like tavily/extract and exa/extract (see the "Tavily Extract" and "Exa Extract" examples and the "Workflow: Extract + Summarize" section), meaning untrusted third-party page content is ingested and then used as input to LLMs — enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes a remote shell script from https://cli.inference.sh (with binaries from dist.inference.sh) and is required to install/run the infsh CLI used by the skill.