social-media-carousel

The skill aligns with its stated purpose of enabling social-media carousel design via an external CLI, but it employs a download-and-execute installation pattern from an external domain and relies on a potentially unverifiable binary. Credential handling is not clearly documented, and data flows to remote endpoints are not fully specified. These factors create elevated security risk, warranting a Suspicious rating and prompting stricter controls (e.g., avoid curl|sh installs, pin hashes, use verifiable package registries, and document explicit data-handling agreements).