newsletter-curation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These are short/unknown domains serving a shell installer (curl ... | sh) from a non‑well‑known vendor — a high‑risk pattern because it executes remote code without package manager protections or verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and curate content from open web/search tools (e.g., infsh app run tavily/search-assistant and exa/search with queries including site:reddit.com) and lists social/community sources like Twitter, LinkedIn, Reddit and public blogs, which are untrusted/user-generated sources the agent is expected to read and interpret as part of its workflow.