agent-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Quick Examples and Commands explicitly show running third-party web-search and extraction apps (e.g., tavily/search-assistant, Exa Search) and social media actions (x/post-tweet), which fetch and ingest public/untrusted web and social-media content that the agent would read and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README includes a direct install command that pipes remote shell code to the shell ("curl -fsSL https://cli.inference.sh | sh") and also downloads binaries/manifests from https://dist.inference.sh, which fetches and executes remote code required to run the skill.