image-to-video

Fail

Audited by Socket on Mar 12, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill is conceptually coherent: it describes a purpose (turning still images into animated video using multiple models) and provides a workflow that relies on the inference-sh ecosystem. However, there are notable security concerns: the use of transitive skill installation via npx, reliance on external model endpoints for rendering (potential data exfiltration of input images/prompts), and lack of explicit verification/pinning of the external CLI tools. The data flow involves sending media and prompts to third-party services, which requires clear data-use policies and opt-in controls. Overall, the footprint is moderately risky and should be treated as suspicious for security review until provenance and data-handling practices are verified.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 12, 2026, 09:58 PM
Package URL: pkg:socket/skills-sh/inferen-sh%2Fskills%2Fimage-to-video%2F@c485cb1185b91b0dde3fea90ef379bf24d2df97f