image-to-video

The skill is SUSPICIOUS: it claims a safe, guided workflow for image-to-video generation but relies on downloading and executing an external binary from an unverified source, with potential data exfiltration risk via prompts/images to a remote service. While some safeguards (checksum verification) exist, the overall pattern (download-execute from a non-official registry) and data-flow paths warrant caution and possible rework to use officially verifiable package registries or self-contained local tooling. If the binary’s provenance and data-handling practices are auditable and clearly documented, risk could be reduced; absent that, treat as suspicious.