product-changelog
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The URLs include a subdomain (cli.inference.sh) that the skill uses to deliver a remote shell installer and pipe it straight into a shell (curl ... | sh). This is a high-risk pattern because it downloads and executes code from a remote host with no opportunity to inspect it first. Unless you can verify the vendor and inspect the script/repository first, treat this as suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly runs an agent browser against arbitrary URLs (see the "Generating Visuals" example using infsh app run infsh/agent-browser with "url": "https://your-app.com/new-feature"). This fetches and ingests untrusted public web content that the agent is expected to read and interpret.