content-repurposing
Audited by Socket on Feb 19, 2026
1 alert found:
Malware: [Skill Scanner] Pipe-to-shell or eval pattern detected

The package/skill itself appears functionally benign for automating content repurposing, but contains several operationally risky patterns: executing an unsigned remote installer (curl | sh), centralizing content and authentication through a third-party gateway (inference.sh), and broad CLI permissions (Bash(infsh *)). These increase the attack surface for credential harvesting, content exposure, or supply-chain compromise.

Recommend: do not run the installer without auditing and verifying its integrity, review where infsh stores credentials, prefer direct provider integrations or signed installers, and restrict CLI privileges and network access when possible.

LLM verification: The skill documentation is functionally coherent for content repurposing and its examples match the stated purpose. However, it instructs users to run a remote install via curl | sh and routes content and credentials through a third-party gateway (inference.sh and related app backends). Those two patterns are high-risk for supply-chain or credential-harvesting attacks if the remote service or installer is malicious or compromised. I rate the package as SUSPICIOUS: likely safe if inference.sh is