agent-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows running web/search apps (e.g., "belt app run tavily/search-assistant" in Quick Examples and the Running Apps docs) and describes retrieving app outputs/URLs from public apps, so the agent can ingest untrusted, user-sourced web/search content that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly directs running a remote installer via "curl -fsSL https://cli.inference.sh | sh" (and downloads from https://dist.inference.sh), which fetches and executes remote code during setup and is a required dependency for the CLI-based skill, so these URLs present runtime-executed external code risk.