explainer-video-guide

[Skill Scanner] Pipe-to-shell or eval pattern detected The file is a legitimate, purpose-aligned guide for producing explainer videos using an external CLI/proxy (inference.sh). It contains no direct in-file malicious payloads, obfuscated code, or hardcoded credentials. However, it instructs users to execute a remote installer (`curl | sh`) and to route prompts, local media, and credentials through a centralized third party (infsh). Those distribution and operational patterns create a supply-chain and data-exposure risk: if the installer or CLI/service is malicious or compromised, credentials and local files could be exfiltrated. Recommend cautious handling: review installer script, restrict tooling permissions, and avoid uploading sensitive data unless service trust and retention policy are verified. LLM verification: The SKILL.md file itself is documentation for an explainer-video workflow and contains no embedded obfuscated or explicitly malicious code. However, it instructs users to execute an unverified remote installer (pipe-to-shell) and to route prompts, local images, and credentials through a third-party CLI/service (inference.sh/infsh). Those patterns create a significant supply-chain and data-exfiltration risk: the installer could install malicious components, and the centralized broker could collec