ai-automation-workflows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The domains (inference.sh and its subdomains) may be legitimate, but the skill instructs piping a remote installer (https://cli.inference.sh) directly into sh and posting runtime errors to an arbitrary webhook (https://your-webhook.com/alert), both of which are high-risk behaviors because a remote script can execute arbitrary code and webhooks can exfiltrate sensitive data; the hosted image (cloud.inference.sh) is lower risk but could also host malicious payloads or be used to stage other files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow's Step 1 "Research" calls infsh app run tavily/search-assistant to pull search/research results into $RESEARCH and then feeds that untrusted third‑party web content into the article generation step, exposing the agent to arbitrary external content that could carry indirect prompt injections.