product-changelog

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are downloads hosted on a private domain that the prompt tells users to execute via curl | sh and to fetch platform binaries verified only by an unsigned checksums.txt — not obviously malicious but risky because piping remote shell scripts and relying on plain checksum files from the same/unverified domain can easily distribute malware if the site or hosting is compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Generating Visuals" section instructs running infsh app run infsh/agent-browser with a "url" (e.g., "https://your-app.com/new-feature"), which has the agent fetch/browse arbitrary external webpages (untrusted third-party content) that it would read/use to produce visuals and could influence subsequent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and executes a remote install script from https://cli.inference.sh (and then downloads binaries from dist.inference.sh), making this an in-runtime fetch that executes remote code and is required to use the infsh CLI that controls prompt-based runs.