landing-page-design

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an unrecognized domain and the skill instructs piping a remote shell script (curl https://cli.inference.sh | sh), which is a high-risk pattern because it downloads and executes code from an unverified source without signatures or provenance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly invokes external web/search tools (e.g., the example "infsh app run tavily/search-assistant" for researching competitor landing pages and the referenced inferencesh/skills@web-search) which fetch and ingest open/public third‑party web content that the agent is expected to read, creating exposure to untrusted user-generated content and potential indirect prompt injection.