product-hunt-launch
Audited by Socket on Feb 25, 2026
1 alert found:
Malware
This skill is primarily benign guidance for Product Hunt launches that integrates with the inference.sh CLI to generate images and research results. The main supply-chain and security concerns stem from instructing users to download-and-execute a remote installer (curl | sh) and from forwarding user inputs, local files, and credentials to third-party inference services. Those patterns are legitimate for a CLI-based image/research workflow but represent moderate supply-chain and data-exfiltration risk: users must trust inference.sh and any invoked app providers. No explicit malware, obfuscated payloads, or direct credential-harvesting code is present in the document, but the distribution/install pattern and broad CLI permissions elevate the security risk. Recommend: avoid running curl | sh without manual verification, verify checksums before execution, review infsh login auth flow, and assume that images/prompts and any uploaded files are sent to remote services.