video-prompting-guide
Audited by Socket on Mar 8, 2026
1 alert found:
Malware
The skill is coherent in presenting a video-prompting guide and practical CLI usage, but it embeds a significant download-and-execute installation pattern (curl | sh) to fetch a remote binary with checksum verification. This pattern elevates supply-chain and remote-execution risk, especially since credentials/prompts may flow to external inference endpoints via CLI interactions. While the content itself is educational and tools are legitimate within a development context, the installation approach warrants caution and explicit security controls (e.g., pinning, verified packages, or using official registries). Overall, the skill is suspicious rather than benign due to its install/execute pathway and potential data-flow exposure, though not clearly malicious in intent.