inference-sh-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The URL points to a non-major domain serving a shell installer and the skill explicitly instructs "curl ... | sh" (piping a remote .sh into a shell), which is a high-risk pattern for distributing malware unless you fully trust and have verified the publisher.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md) tells the agent to run infsh app list/search and infsh app get and to parse app JSON/sample inputs and results from the public inference.sh app catalog (https://inference.sh and cloud.inference.sh URLs), which are public third-party marketplace entries and outputs the agent must read and use to choose apps and construct inputs, exposing it to untrusted third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a setup command that fetches and executes remote code via "curl -fsSL https://cli.inference.sh | sh" to install the required infsh CLI, which is a runtime dependency that executes remote code.