case-study-writing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to an unverified domain offering a direct shell installer (curl https://cli.inference.sh | sh) — a high-risk distribution pattern because piping remote scripts from an unknown site is a common malware vector and no code/signature verification or well-known vendor reputation is presented.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s Quick Start and Research Support explicitly run infsh search apps (e.g., infsh app run tavily/search-assistant, exa/search, exa/answer) to pull industry benchmarks and competitor information from public web sources, so the agent will ingest untrusted third-party content (open web/social/public sites) as part of its workflow.