image-upscaling

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The set includes a direct "curl -fsSL https://cli.inference.sh | sh" instruction pointing to an unverified third‑party CLI (cli.inference.sh) — a high‑risk pattern that can execute arbitrary code and pull further binaries, even if other links are just docs/images.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary public image URLs (see the CLI examples using --input '{"image_url":"https://your-image.jpg"}' and '{"image_url":"https://low-res-image.jpg"}'), causing the agent to fetch and process untrusted third‑party content from the open web.