social-media-carousel

SUSPICIOUS: the core purpose is mostly coherent—carousel generation through inference.sh-hosted image apps—but the skill is broader than necessary. Same-org official installer evidence lowers the chance of outright malware, yet the mutable curl|sh install path, credential use through an external CLI, wildcard `belt *` access, and explicit transitive skill installation make the overall security posture medium risk rather than benign.