landing-page-design

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill appears coherent and aligned with its stated purpose (landing page design and generation of visuals via inference.sh). There is no direct evidence of malicious code or obfuscation in the provided skill content. Primary risks are operational: (1) the use of curl | sh to install the infsh CLI (executes remote script without local review), and (2) broad allowed-tool permissions (Bash(infsh *)) which grant high execution capability. Data submitted in prompts or via the CLI (including any sensitive text) will be sent to inference.sh and provider endpoints — users should treat prompts as potentially visible to those services. Overall I assess low probability of intentional malware but moderate supply-chain/operational risk due to installer and tooling scope. LLM verification: The landing-page skill content is functionally benign and useful for marketing/design purposes. The documented security concerns are operational: a piped installer that executes remote code, and a brokered CLI that collects credentials and forwards prompts to third-party providers without disclosure of retention or telemetry. I assess no direct malicious code in the provided file, but the installer and data-flow patterns present real risk and should be audited before use. Recommend: do not run t