competitor-teardown

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The set includes unknown domains (inference.sh / cli.inference.sh / dist.inference.sh) that serve an install script and direct binary distribution (the skill even instructs piping curl to sh), which is a high-risk pattern for malware distribution despite HTTPS and a checksums file because remote executables and “curl | sh” installs from untrusted sources can execute arbitrary code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public websites and user-generated sources (e.g., infsh/agent-browser screenshots of competitor.com and competitor.com/pricing, tavily/extract on pricing pages, and search commands targeting G2, Capterra, Reddit, Product Hunt) and to use that content to drive analyses (reviews, SWOT, pricing, positioning), which exposes the agent to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs running a runtime install command that fetches and executes remote code ("curl -fsSL https://cli.inference.sh | sh") and pulls binaries from https://dist.inference.sh, which the skill then relies on to run infsh apps that execute remote agents — so these URLs directly enable remote code execution and control the agent runtime.