pitch-deck-visuals

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to an unfamiliar third‑party service (inference.sh) that provides a remote installer piped directly to sh and an associated GitHub commit from a non‑widely known account — installing via curl | sh from an unverified domain and pulling code from an obscure repo is a common malware vector, so treat as suspicious until verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start tells users to run "curl -fsSL https://cli.inference.sh | sh", which fetches and executes remote shell code at runtime to install the required CLI (https://cli.inference.sh), so this URL is a runtime external dependency that directly executes remote code.