case-study-writing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to a private domain that instructs users to pipe a remote shell script (curl ... | sh) from an unvetted source (cli.inference.sh) — a high-risk pattern because it grants arbitrary code execution without verification, signature, or use of trusted package managers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly invokes external search and research tools that fetch open-web content (e.g., "infsh app run tavily/search-assistant" and "infsh app run exa/search" / "exa/answer" in the Research Support and Quick Start sections), so the agent will ingest untrusted public web/social/forum content as part of its workflow.