product-photography
Audited by Socket on Feb 25, 2026
1 alert found:
Malware

This is documentation for an AI product-photography skill that instructs users to install and use a third-party CLI (infsh) and to upload images/prompts to remote hosted models. The content itself is not obviously malicious (no backdoor code, no obfuscated payloads inside the provided text), but it contains risky supply-chain patterns: a curl|sh installer, downloads from non-standard domains, and recommendations to install and run third-party CLIs that will accept credentials and upload user images. The primary risks are supply-chain/installer execution risk and data exposure to third-party model endpoints. If a user follows the quick-start installer, they trust the remote binary and its handling of credentials and uploads. Recommend avoiding pipe-to-shell installs, verifying checksums manually, reviewing the infsh client source before installing, and confirming the privacy/retention policy of the remote inference endpoints before uploading sensitive images.