dialogue-audio

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill fragment is coherently aligned with its stated purpose of generating dialogue audio using Dia TTS and orchestrating basic post-production steps. The primary security considerations relate to: (1) reliance on an external CLI installer and authentication flow to an external inference service, which introduces data-sharing and credential-telemetry risks, and (2) prompts containing potentially sensitive content being sent to a remote service for synthesis. There are no evident malicious behaviors or credential-harvesting patterns within the manifest itself. Overall, the footprint is proportionate to its stated purpose, but the external data flows should be explicitly documented and governed (data handling, privacy, and retention) to ensure supply-chain trust. LLM verification: The documentation matches its stated purpose (multi-speaker Dia TTS via infsh). No explicit malicious code is visible in the provided file, but there are notable supply-chain and data-exposure risks: (1) recommending 'curl ... | sh' installer is high-risk, and (2) routing prompts, uploaded media, and credentials through a third-party CLI/backend (inference.sh) without documented privacy/retention details creates potential for data exfiltration. Treat the package as operationally risky until the