image-to-video

[Skill Scanner] Pipe-to-shell or eval pattern detected No explicit malicious code or obfuscated payloads were found in the provided skill documentation. The content is a legitimate-looking guide for animating images using the infsh CLI and remote model apps. Main risks are operational: installing the infsh CLI via an internet shell pipe, and sending images/prompts/credentials to remote providers (possible intermediary gateway). This is a privacy and supply-chain trust risk rather than clear malware. Recommend auditing the infsh installer and understanding where data and tokens are sent before use. LLM verification: The SKILL.md content appears functionally legitimate for its stated purpose (guiding still-to-video generation through an external CLI), but it contains high-risk distribution/use patterns: specifically the curl|sh installer and routing of all images/prompts through the infsh service without providing provenance or data-handling information. There is no direct evidence of embedded malware in the document text itself, but the installation and data-flow design are suspicious and present meaningful