twitter-automation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs point to a single, non-well-known domain (inference.sh) that includes a remote install script (curl | sh via cli.inference.sh) and direct binary distribution (dist.inference.sh), which are high-risk patterns for malware distribution unless the domain and its checksums are independently verified—documentation and image links are lower risk but do not mitigate the danger of running or installing executables from an untrusted source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly includes apps like x/post-get and x/user-get and examples that fetch/read Twitter/X user-generated tweets and profiles via the X API, and those untrusted third-party contents can be read and used to drive actions (likes, retweets, follows, DMs), enabling indirect instruction injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start directs running "curl -fsSL https://cli.inference.sh | sh", which fetches and executes a remote install script (from cli.inference.sh / dist.inference.sh) as a required dependency for the infsh CLI, so remote code is executed at setup/runtime.