storyboard-creation

Fail

Audited by Socket on Mar 8, 2026

1 alert found:

Malware (HIGH)
SKILL.md

The skill’s stated purpose (AI-assisted storyboard creation via an external inference CLI) is coherent with its described capabilities. However, there are clear security concerns: it relies on a curl | sh install pattern to download and execute an external binary from an untrusted domain, which introduces a potential supply-chain and remote code execution risk, and it sends data to an external service for image generation. The lack of verifiable provenance for the external CLI and the absence of explicit data-handling disclosures heighten the risk. Proportionality is acceptable for a design focused on AI-generated visuals, but trust boundaries and data handling must be clarified (official registries, signed releases, explicit data policies). Overall risk level: Suspicious to MEDIUM-HIGH. Recommended: replace curl | sh with a pinned, signed installer from an official registry, add clear data-handling disclosures, and ensure strict provenance verification before enabling this skill in production deployments.

Confidence: 98%
Severity: 55%

Audit Metadata
Analyzed At: Mar 8, 2026, 02:51 AM
Package URL: pkg:socket/skills-sh/1nfsh-s3%2Fskills%2Fstoryboard-creation%2F@a28b34783dcc09634a9cb27b9e949d7c18d89dc9