youtube-thumbnail-design

This skill documentation is coherent with a legitimate purpose (helping creators produce thumbnails via a hosted AI image CLI). However, it contains high-risk supply-chain instructions: specifically the curl | sh installer and reliance on multiple remote components and unpinned package installs. The documentation omits important details about where credentials go and how user data is stored/retained. Practically: the content is not itself malicious, but following the provided install/run commands carries a non-trivial supply-chain and credential risk. Users should avoid piping remote scripts to sh, verify checksums independently, inspect installer contents before execution, and review the CLI's privacy/auth documentation before sending sensitive prompts or credentials.