character-design-sheet

This SKILL.md is a user-facing guide for generating consistent character-design art via the inference.sh CLI and LoRA workflows. The content itself does not contain obvious backdoor code or obfuscated malware, but it includes multiple supply-chain and data-exposure risks: a curl|sh installer pattern (download-and-execute), distribution from a third-party domain, and workflow steps that read local model weights and images which are likely uploaded to the remote service. Those patterns permit credential forwarding and exfiltration of local assets if the CLI or remote service is malicious or compromised. Recommended mitigations: avoid pipe-to-shell installs (manually verify checksums and inspect installer), prefer OS package managers or reproducible install artifacts, verify CLI source code, audit what infsh login stores and where, avoid uploading sensitive LoRA or proprietary images unless the service and its privacy policy are trusted, and scope tool permissions rather than allowing Bash(infsh *).