building-inferencesh-apps

Fail

Audited by Snyk on Apr 27, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URLs mostly point to documentation and a GitHub repo (low risk), but the skill explicitly instructs running a remote shell installer via "curl ... | sh" from cli.inference.sh, which is a high-risk pattern because it executes unreviewed remote code and could distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's docs explicitly instruct runtime ingestion of arbitrary external content—e.g., references/node-app-logic.md shows File.from(...) "downloads and caches URLs" (accepting arbitrary public URLs) and references/cli.md describes pulling/listing apps from the public store (belt app pull/list), so untrusted third‑party content is fetched and executed/processed as part of the workflow.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 27, 2026, 02:47 AM
Issues: 2