explainer-video-guide

Fail

Audited by Socket on Feb 18, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

This skill is functionally aligned with its stated purpose (explainer video production) and does not contain code that appears to be intentionally malicious. The main security concerns are operational: installing the infsh CLI via curl | sh and routing user prompts/media through a third-party gateway (inference.sh and referenced model endpoints). These patterns are common for remote-generation workflows but carry supply-chain and data-exfiltration risk if the remote service or installer is malicious or compromised. No hardcoded secrets or obfuscated/malicious code patterns were found in the provided skill content.

LLM verification: The SKILL.md file itself is documentation for an explainer-video workflow and contains no embedded obfuscated or explicitly malicious code. However, it instructs users to execute an unverified remote installer (pipe-to-shell) and to route prompts, local images, and credentials through a third-party CLI/service (inference.sh/infsh). Those patterns create a significant supply-chain and data-exfiltration risk: the installer could install malicious components, and the centralized broker could collec

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 18, 2026, 01:16 AM
Package URL: pkg:socket/skills-sh/inferencesh%2Fskills%2Fexplainer-video-guide%2F@c577aa19e5d537fa600defc3ffa816041d862698