web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes an unverified third‑party domain (inference.sh) that provides a curl | sh installer and direct binary distribution (dist.inference.sh/cli) — a high‑risk pattern for distributing executables even though the example.com pages and a JPEG are benign, so the overall source should be treated as potentially unsafe without independent verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and extract content from arbitrary web URLs using apps like tavily/extract and exa/extract (see the "Tavily Extract" and "Exa Extract" examples and the "Workflow: Extract + Summarize" section), meaning untrusted third-party page content is ingested and then used as input to LLMs — enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes a remote shell script from https://cli.inference.sh (with binaries from dist.inference.sh) and is required to install/run the infsh CLI used by the skill.