storyboard-creation

[Skill Scanner] Pipe-to-shell or eval pattern detected This skill is functionally consistent with its stated purpose: it documents how to use the inference.sh CLI and hosted models to create and stitch storyboard panels. There is no direct malicious code or obfuscation in the skill text. The main risks are: (1) the installer command curl | sh executes remote code — a risky install pattern if inference.sh is untrusted; (2) all prompts and images are sent to external services (inference.sh and referenced model providers), so sensitive content or proprietary images may be exposed; (3) the allowed-tools line with a wildcard grants broad CLI usage for infsh which increases execution scope. These are supply-chain and privacy risks rather than clear malware. Recommend: only run the installer from a trusted environment, review the infsh installer script before executing, and avoid sending confidential materials to the remote service unless you trust its privacy/retention policies. LLM verification: The SKILL.md content itself is not overtly malicious and matches its stated purpose (storyboard generation). However, it prescribes a high-risk installation pattern (curl | sh) and depends on an opaque third-party service that will receive prompts, images, and credentials. This constitutes a material supply-chain and data-exfiltration risk: do not run the remote installer without inspecting and verifying it, seek a verified installation channel and clear data/credential handling documentation, a