agent-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The SKILL.md explicitly lists and demonstrates running web-search apps (e.g., "infsh app run tavily/search-assistant" in Quick Examples and "Web search: Tavily Search, Exa Search" in What's Available), which fetch and return open/public web content that the agent would read and act on, allowing untrusted third-party content to influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running "curl -fsSL https://cli.inference.sh | sh" (and downloads binaries from https://dist.inference.sh), which fetches and executes remote installer code at runtime and is a required dependency to use the CLI.