ai-music-generation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The links are to a coherent documentation/site for inference.sh (docs and an image) but the included installer uses a direct "curl ... | sh" from cli.inference.sh (a remote .sh) which is a high‑risk pattern because it executes remote code and could be abused to distribute malware if the site or DNS is compromised.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start includes the command "curl -fsSL https://cli.inference.sh | sh" which downloads and immediately executes a remote shell script from https://cli.inference.sh at runtime, making it a required external dependency that runs remote code.