technical-blog-writing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These domains serve a remote installer (curl ... | sh) that downloads and executes code from a third‑party host — a high‑risk pattern unless you can verify the domain, inspect the script, and confirm signatures/reputation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md Quick Start explicitly shows running infsh app run exa/search --input '{ "query": ... }' to "Research topic depth," which indicates the skill fetches open-web search results (untrusted, user-generated/public content) that the agent is expected to read and use to shape posts, so third‑party content could materially influence actions and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime installation command that fetches and executes remote code from https://cli.inference.sh via "curl -fsSL https://cli.inference.sh | sh" and then uses the installed infsh CLI (infsh app run ...) to execute remote apps (e.g., infsh/python-executor) that run code and control prompts.