explainer-video-guide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links point to a small/unknown project domain and its GitHub raw install doc — the raw Markdown likely recommends downloading/running a CLI installer (curl|sh style), which is a common vector for malware even though the files are hosted on GitHub.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly invokes the inference.sh CLI (infsh) to run remote apps (e.g., google/veo-3-1-fast) at runtime via https://inference.sh, meaning execution happens on that external service and the skill depends on it to perform generation.