email-design
Audited by Socket on Feb 25, 2026
1 alert found:
Malware
This file is a benign email-design guide that integrates with a remote inference CLI. It does not contain obvious malware, obfuscated code, hard-coded credentials, or backdoors. The main security concerns are operational: (1) the recommended pipe-to-shell installer (curl | sh) is a high-risk supply-chain vector, (2) the workflow transmits user-provided HTML/prompts and credentials/tokens to remote inference services (privacy/exfiltration risk if sensitive content is sent), and (3) use of npx for adding skills can run unpinned install scripts. I recommend users avoid blind execution of remote installers, verify checksums and binary signatures before installing, review the infsh CLI source code, avoid uploading PII or secrets to remote inference endpoints, and pin or audit any npm packages installed via npx. No evidence here justifies classifying the content as malware, but the documented patterns warrant medium security risk for supply-chain and data exposure.