video-prompting-guide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). All URLs are hosted on a single third‑party domain that provides a remote install script (curl | sh -> cli.inference.sh) and downloadable binaries (dist.inference.sh), which is a common vector for malware—while HTTPS and SHA‑256 checksums are present, there’s no clear evidence of established vendor reputation, code signing, or GPG verification, so executing the installer without fully auditing it is high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start runs a remote installer with curl -fsSL https://cli.inference.sh | sh which downloads and executes code at runtime and is presented as a required dependency for using the infsh commands in this skill.