youtube-thumbnail-design
Audited by Socket on Feb 19, 2026
1 alert found:
Malware
[Skill Scanner] Pipe-to-shell or eval pattern detected

The skill fragment is benign and aligned with its stated purpose of guiding AI-assisted thumbnail design and generation via an external CLI. It demonstrates standard install/usage patterns and safe data flows for a design tool. The primary risk is the external installer (curl | sh) pattern, which should be mitigated by integrity checks or alternative, verifiable installation methods. If possible, provide pinned hashes or offline installer options to reduce supply-chain risk. Overall security risk is moderate due to installation vector but low for runtime data handling, and the malware likelihood remains low given the current content.

LLM verification: The content is primarily a harmless thumbnail-design guide, but the operational instructions present a meaningful supply-chain and privacy risk. The use of 'curl ... | sh' to install a third-party CLI and mandatory reliance on a hosted inference service concentrate risk of remote code execution, credential exposure, and large-scale prompt/data collection. I assess low likelihood that the documentation itself contains malware, but moderate-to-high risk that following the installer instructions co