image-to-video

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] This SKILL.md is a legitimate-looking guide for using the inference.sh CLI to convert still images to video using hosted model apps. The content and capabilities align with the stated purpose. No direct malicious code or obfuscation is present in the provided file. The main risks are operational: (1) the installer uses a curl | sh pattern which runs remote code locally unless the user independently verifies checksums; (2) all prompts and images are routed through a third-party service (inference.sh / dist.inference.sh and the hosted model apps), so sensitive media or credentials could be exposed if those services are untrustworthy. Recommend verifying the CLI binary checksums manually, reviewing infsh's privacy/terms, and avoiding uploading sensitive images or secrets to the hosted service. If the project requires local/air-gapped inference, this skill is not suitable without additional guarantees. LLM verification: This SKILL.md is a usage guide for a third-party CLI-driven image-to-video pipeline that relies on a hosted inference service. The file itself contains no obfuscated code or hardcoded secrets, and does not contain obvious malicious logic. However, it instructs the user to execute a remote installer via 'curl | sh' and to upload local images and credentials to the inference.sh service. Those operational patterns pose a supply-chain and data-exfiltration risk if the installer or service is malicio