background-removal

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] Functionally benign and aligned with its stated purpose (background removal via inference.sh). Main risks are operational: using a remote install script (curl | sh) and sending user images to a third-party service (privacy/trust implications). No direct evidence in this skill file of malware, credential harvesting, or obfuscated malicious behavior, but users should audit the installer and confirm trust in inference.sh before running the install and sending sensitive images. LLM verification: The skill content is documentation-focused and does not contain in-file malicious code. The main security issues are operational: (1) the Quick Start recommends executing a remote installer via 'curl | sh' which is a high-risk pattern, and (2) using a hosted inference service transmits user images to operator-controlled servers without documented privacy/retention guarantees. There is no direct evidence of malware or obfuscated/backdoor code in the provided Markdown, but installing and running t