character-design-sheet

The skill aims to enable character-design consistency using an external Flux LoRA workflow via a downloaded CLI. However, it embeds a download-and-execute pattern from an unfamiliar domain and relies on unverifiable binary distribution, which constitutes a notable supply-chain risk. While the intended purpose is legitimate developer tooling for art pipelines, the installation and data-flow patterns justify labeling as SUSPICIOUS with high risk due to external binary execution, potential credential handling, and data exfiltration paths. If you pursue this, ensure the binary is open-source, verifiably signed, and that data flows to trusted endpoints with clear, user-consented data governance.