video-prompting-guide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The URLs are mostly docs and an image on a single nonstandard domain, but they include a remote installer (cli.inference.sh) intended to be piped to sh which downloads binaries from dist.inference.sh — running unknown shell scripts/binaries from an untrusted domain without independently verified signatures is a moderate-to-high risk for malware distribution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start runs a remote installer with curl -fsSL https://cli.inference.sh | sh which downloads and executes code at runtime and is presented as a required dependency for using the infsh commands in this skill.