customer-persona

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are unfamiliar .sh domains that the skill instructs users to curl | sh (pipe a remote shell script directly into sh) rather than install via a trusted package manager or vetted repo—an active high-risk pattern because it grants arbitrary code execution from an unverified source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs using infsh apps like tavily/search-assistant and exa/search/exa/answer (shown in Quick Start and Step 1) to fetch and research public web content and surveys, so the agent will ingest untrusted open-web/user-generated sources as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs users at runtime to execute remote code via "curl -fsSL https://cli.inference.sh | sh", which fetches and runs a script from https://cli.inference.sh (a required CLI dependency) and therefore executes remote code controlling the agent environment.