product-hunt-launch

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The skill instructs users to run a remote installer (curl ... | sh) from an unverified .sh domain (cli.inference.sh), and piping an external script to a shell is a high-risk vector for malware distribution unless the source is trusted and the script audited.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs external search apps (e.g., infsh app run tavily/search-assistant and exa/search) to fetch Product Hunt pages and other public web/community search results, so the agent would ingest untrusted third-party user-generated web content.