customer-persona
Audited by Socket on Feb 18, 2026
1 alert found:
Malware [Skill Scanner]: Pipe-to-shell or eval pattern detected

The fragment is coherent with its stated purpose and remains largely benign, but its reliance on external inference.sh infrastructure constitutes a meaningful trust and privacy risk. Recommend formalizing privacy/retention policies, validating third-party service provenance, implementing input minimization for sensitive attributes, and auditing the installer/script supply chain before production use.

LLM verification: This SKILL.md describes a legitimate-seeming customer-persona skill whose capabilities align with its stated purpose. However, it instructs users to run a remote install script via 'curl | sh' and to authenticate a third-party CLI (infsh), after which all queries and prompts are routed to hosted apps (tavily, exa, falai) on the inference.sh platform. The install pattern (piping an unsigned remote script to sh) and the opaque routing of user data/credentials to a third-party backend are supply-ch