agent-tools

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most links are documentation pages on the same domain (low risk). However, the bare installer endpoint (https://cli.inference.sh), which is commonly used with curl | sh, and the user-uploaded file on cloud.inference.sh warrant caution: remote shell installers and user-hosted files can be abused to distribute malware if they are not inspected or come from an untrusted publisher.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly lets the agent run web-search and extraction apps (e.g., tavily/search-assistant and Exa Search, listed under "What's Available" and in the Quick Examples). These apps fetch and return open/public web content that the agent then reads and interprets, exposing it to untrusted third-party, user-generated content and potential indirect prompt injection.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:27 AM