product-changelog

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The instruction to curl a shell script from an unverified domain (https://cli.inference.sh) and pipe it directly to sh is a high-risk pattern for distributing malware — the inference.sh domain appears to host a CLI installer (cli.inference.sh) which is untrusted here, while https://your-app.com/new-feature is just a content URL and not itself a download.