The security risk. Inserting "evil" inline script tags into a page is a common attack. If you ever allow the user-produced content to be linked into the DOM (to control its appearance for example), then your website is vulnerable to this attack.
Either add the javascript inline into the html document itself, or add it in a separate file and tell the browser to download that file alongside the html document. Both techniques are valid and How to Pass Arguments to a Bash Script - Lifewire Jan 15, 2020 A Detailed Breakdown of the <script> Tag - SitePoint Jul 17, 2012
filePath, inline: All: The PowerShell task allows you to add PowerShell code directly within the YAML pipeline or execute an existing script in the source repo. Here you can specify either filePath providing the path to the script to run or use inline which indicates that you’ll be adding the PowerShell code directly int the YAML pipeline
web application - What is an inline script? - Information The reason the paper mentions this is that this piece of code cannot be validated as 'secure', without running it (or perform code analysis). Content Security Policy error because of inline script May 21, 2019
Strict CSP - Content Security Policy
Add inline JavaScript to a HTML document