social-media-carousel

Fail

Audited by Socket on Feb 25, 2026

1 alert found:

Malware (HIGH)
SKILL.md

The skill fragment is largely coherent with its stated purpose (demonstrating and driving an AI-assisted carousel design workflow using an external CLI). However, the presence of a curl | sh download/install pattern from an external domain represents a real supply-chain risk and should be treated as suspicious by default. If this pattern is necessary for operation, it should be replaced with a pinned, auditable installation method (e.g., using a package manager with verified integrity, or vendored/bundled binaries with explicit hash checks). Overall, the content is functionally aligned but the install mechanism introduces notable risk and warrants caution and explicit trust assessment.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 25, 2026, 05:38 PM
Package URL: pkg:socket/skills-sh/inference-sh-9%2Fskills%2Fsocial-media-carousel%2F@a70fd474d3e5ae9e7ecdaa30b7826ab6c7ac401d