prompt-engineering

[Skill Scanner] Pipe-to-shell or eval pattern detected Overall, the fragment is a benign documentation guide for prompt engineering with a high-level installation example. The presence of curl | sh for installation is a potential risk in install trust, but it is typical in such guides and does not constitute malicious behavior by itself. No evidence of data exfiltration, hidden backdoors, or credential harvesting within the fragment. Treat the curl | sh pattern as a moderate security risk due to installer trust assumptions and ensure users verify the script from a trusted source before execution. LLM verification: The content is a legitimate prompt-engineering guide with practical examples that use a hosted CLI. The file itself contains no direct malware or obfuscated payloads, but it instructs users to execute a remote piped installer and to route prompts/credentials through third-party services without documenting privacy or integrity safeguards. Main recommendations: do not run 'curl | sh' without reviewing and verifying the script (checksums/GPG), avoid sending secrets or PII in examples or to the CLI