video-ad-specs

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The three URLs point to a service-hosted CLI installer and binary distribution (including an immediate "curl | sh" install pattern) on a non widely-known domain—they deliver executables/checksums from the same domain (making independent verification difficult) which is a common vector for malware distribution unless you fully trust and have independently verified the vendor.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh" (which downloads and executes a remote installer that in turn pulls binaries from dist.inference.sh) and that installer is required to get the infsh CLI used by the skill, so it clearly executes remote code at runtime.