talking-head-production

This skill is a documentation/instruction pack that primarily drives a remote CLI (infsh) to upload images, audio, and prompts to hosted AI apps for talking-head generation. The functionality matches the stated purpose (remote avatar/video generation), but the install and execution patterns carry meaningful supply-chain and data-exfiltration risks: a curl|sh installer (download-execute), reliance on a non-registry binary host (dist.inference.sh), and broad runtime permissions (Bash(infsh *)). There are no explicit hardcoded secrets or obfuscated payloads in the provided text, and no direct evidence of malware. However, trust is concentrated in the remote provider: installing the CLI and logging in gives that provider (and anyone who compromises its distribution) the ability to execute code and receive user media and credentials. Recommend: avoid pipe-to-shell installs without manual checksum verification, review the infsh login behavior and storage of credentials, limit granted tool capabilities where possible, and consider the privacy implications of uploading sensitive media to third-party hosted models.