product-photography
Audited by Socket on Feb 26, 2026
1 alert found:
Malware: The document is an instructional skill for generating and editing AI product photography via a remote CLI and third-party model providers. Functionally it is consistent with its stated purpose and shows no explicit in-source backdoor or exfiltration code. However, it instructs the reader to use a high-risk installer pattern (curl | sh), encourages uploading local files and authenticating via a CLI without describing credential handling, and suggests adding remote packages via npx; together these are medium-to-high supply-chain and privacy risks. Recommended mitigations: avoid pipe-to-shell installations (use verified packages/releases), inspect the installer script before running it, restrict the CLI's network and file permissions, avoid uploading confidential local files, and require documentation of privacy/retention and signing of releases.