customer-persona

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are unfamiliar .sh domains that the skill instructs users to curl | sh (pipe a remote shell script directly into sh) rather than install via a trusted package manager or vetted repo—an active high-risk pattern because it grants arbitrary code execution from an unverified source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs the agent to run web-search apps (e.g., the Quick Start and Step 1 code blocks calling "infsh app run tavily/search-assistant" and "infsh app run exa/search" / "exa/answer"), which fetch and ingest open/public third-party web content (search results, sites, forum posts) that the agent is expected to read and interpret, exposing it to untrusted user-generated content and potential indirect prompt injection.