linkedin-content
Audited by Socket on Feb 25, 2026
1 alert found:
Malware

The skill description and implementation footprints are consistently aligned with automated content generation via an external inference CLI, but the core mechanism relies on downloading and executing a remote installer (curl | sh) and delegating substantial behavior to an external CLI service. This introduces non-trivial supply-chain risk (unpinned external binaries, potential payload changes, and trust concerns) and data-flow risks (credentials and content potentially flowing through external tooling). The combination elevates risk beyond a benign helper, making this Suspicious to High-Risk in terms of supply-chain and runtime integrity.

Recommendation: replace the curl | sh install with a pinned, reproducible build process (e.g., registry-managed package with exact version pins and integrity checks), clearly document and isolate credential handling, and provide explicit data-flow diagrams and user-consent controls for any content/publication actions.