seo-content-brief

The skill’s stated purpose (SEO content brief creation via keyword research and SERP analysis) is broadly aligned with its described methods, but the implementation relies on a curl|bash download-and-execute pattern to install an external binary and uses remote inference.sh services for core functionality. This introduces notable supply-chain and data-flow risks: unverifiable binaries, external data handling, and potential exposure of user queries. Given the combination of download-execute installation, unverifiable binary dependency, and external data flows, the skill is best characterized as SUSPICIOUS with elevated securityRisk. Recommend replacing the insecure install pattern with a verified, signed installer from official registries or bundling a verifiable CLI, and clarifying data flows and consent for outbound analytics data.