email-design

The skill's stated purpose (email design tooling via infsh) is broadly coherent with the implemented flow of using a CLI to render visuals and supply email templates. However, the reliance on external, unverifiable image-rendering services and transitive CLI/tool invocations introduces data-flow exposure to third-party endpoints and supply-chain risk. There are no credential reads or exfiltration from user secrets, but inputs (HTML prompts, design content) could be sent to remote services. Given the combination of external binaries, potential data leakage to remote services, and transitive dependencies, the skill is suspicious rather than benign. It would benefit from explicit data handling disclosures, the ability to operate entirely offline, and verifiable, auditable third-party components.