competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious — the skill explicitly tells users to run a remote shell install (curl -fsSL https://cli.inference.sh | sh), which is a high-risk pattern (direct .sh execution from an untrusted/unknown domain) while the competitor.com pages are ordinary website URLs and pose low risk on their own.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest open web content (e.g., infsh app run infsh/agent-browser to screenshot https://competitor.com, tavily/extract for pricing pages, and tavily/exa/search-assistant queries targeting G2, Reddit, Product Hunt), meaning untrusted public/user-generated content is read and used to drive analysis and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh" which fetches and immediately executes remote code at runtime, making https://cli.inference.sh a required external dependency that can control the agent environment.