ai-marketing-videos

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The set is suspicious because it instructs piping a remote shell script from cli.inference.sh (executing unreviewed code) and uses non-standard/third-party domains for downloads (even if some links are media files), which is a common malware distribution vector.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes remote code from https://cli.inference.sh at runtime and is presented as a required CLI dependency for the skill, creating a high-risk external control/execution vector.