logo-design-guide
Audited by Socket on Mar 8, 2026
1 alert found:
Malware
The skill aims to provide a logo-design guide and leverage an external inference CLI for image generation. However, it includes a sensitive install pattern (curl ... | sh) to fetch an unverified binary, plus reliance on remote binaries and a login flow that could expose credentials or tokens. While there is a checksum mention, the initial download source remains a potential supply-chain risk. Data flows route prompts and assets through an external CLI to remote services, which is expected for AI generation but requires strong provenance and strict boundary isolation. Overall, the footprint is suspicious given the download-execute chain and unverifiable binary risk, though it may be defensible if all artifacts are strictly verified, provenance-guarded, and tokens are properly scoped. Treat as SUSPICIOUS with a high need for secure supply-chain validation and explicit, verifiable provenance.