ai-automation-workflows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The domains (inference.sh and its subdomains) may be legitimate, but the skill instructs piping a remote installer (https://cli.inference.sh) directly into sh and posting runtime errors to an arbitrary webhook (https://your-webhook.com/alert), both of which are high-risk behaviors because a remote script can execute arbitrary code and webhooks can exfiltrate sensitive data; the hosted image (cloud.inference.sh) is lower risk but could also host malicious payloads or be used to stage other files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow's Pattern 2 "Research" step calls tavily/search-assistant to retrieve search results (public web content) and then directly injects that untrusted third‑party content into subsequent model prompts (e.g., the ARTICLE generation), which clearly exposes the agent to indirect prompt injection.