seo-content-brief

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (medium risk: 0.65). Moderate risk: inference.sh is an unfamiliar domain and the install link is raw GitHub content (which can host scripts/binaries) and the skill’s CLI commands would fetch/execute remote apps, while the two generic "top-result" URLs are untrusted placeholders that could host malicious payloads.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md SERP Analysis Process explicitly instructs running infsh apps (e.g., "infsh app run tavily/extract --input { "urls": ["https://top-result-1.com/article", ...] }" and search-assistant queries) to fetch and analyze top-ranking public URLs, so the agent ingests untrusted third-party web content that directly influences writing/decision steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly relies on the inference.sh CLI (https://inference.sh) at runtime — the provided "infsh app run ..." commands invoke remote apps (e.g., tavily/search-assistant, exa/search, infsh/html-to-image) whose code/results are executed/returned and directly drive the content-generation prompts, so the agent depends on external runtime-executed code from inference.sh.