building-inferencesh-apps

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most of the URLs (GitHub repo, docs, and an example API host) are standard and not inherently malicious, but the skill explicitly instructs piping a remote script from https://cli.inference.sh into sh (curl ... | sh), which is a high‑risk distribution pattern that could deliver malware if the host is compromised or untrusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory docs and workflow show apps downloading and ingesting public third-party content (e.g., File.from() downloading arbitrary URLs in references/node-app-logic.md, snapshot_download() from HuggingFace in references/python-patterns.md, httpx calls in SKILL.md, and infsh app pull/list plus Google Drive/Sheets integrations), so untrusted external content is read and can influence runtime behavior.