flux-image
Audited by Socket on Feb 19, 2026
1 alert found:
Malware [Skill Scanner]: Pipe-to-shell or eval pattern detected

This skill README appears consistent and benign: it documents how to use a hosted inference CLI (infsh) to run FLUX image models. The main risks are operational/trust-based (executing a remote installer and sending prompts/images to the inference.sh/falai hosted service). There are no signs of obfuscation, hardcoded secrets, or code that performs unauthorized local data access. Recommended caution: review the installer script at https://cli.inference.sh before piping to sh and avoid sending sensitive/private images or secrets in prompts.

LLM verification: This SKILL.md is coherent with its stated purpose (using a hosted inference.sh CLI to run FLUX models), but it contains supply-chain and privacy risks. The immediate red flag is the recommended 'curl -fsSL https://cli.inference.sh | sh' installer pattern (remote script executed without checks). The skill also routes prompts, images, and authentication through a third-party service (inference.sh), so secrets and sensitive user data could be exfiltrated if that service or its CDN is compromised or