competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes cli.inference.sh and inference.sh which are used to serve a remote shell installer (the prompt even shows curl ... | sh), a high-risk pattern because piping an unverified remote script to a shell can distribute malware even if the domain looks legitimate; the competitor.com pages themselves are ordinary webpages and lower risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs web searches and scrapes public sites (e.g., infsh commands to screenshot arbitrary URLs like "https://competitor.com" and extract pricing pages, and queries targeting G2, Reddit, Product Hunt, etc.), so the agent will fetch and interpret untrusted, user-generated third-party content as part of its workflow, enabling indirect prompt injection.