ai-image-generation
Audited by Socket on Feb 20, 2026
1 alert found:
Malware [Skill Scanner] Pipe-to-shell or eval pattern detected
BENIGN (with caveats). The manifest describes a legitimate CLI-based workflow for AI image generation and does not request unusual credentials or access beyond standard login. It relies on an external CLI installer, which is common for such tools; ensure trust in the provider and consider adding integrity verification (e.g., checksums/signatures) for the installer in production.
LLM verification: The SKILL.md itself is documentation for using the inference.sh CLI to run many image-generation models. It does not contain obfuscated or directly malicious code, but it instructs users to run a remote installer via curl | sh and to log in to a third-party CLI. The primary supply-chain risks are (1) remote code execution risk from the pipe-to-sh installer and (2) privacy/credential exposure because user prompts, images and tokens are routed through the inference.sh service rather than directly