seo-content-brief
Audited by Socket on Feb 22, 2026
1 alert found:
Malware
[Skill Scanner] Pipe-to-shell or eval pattern detected

Functionally legitimate for SEO research and content brief generation, but contains multiple high-risk supply-chain patterns: unverified pipe-to-shell installer, unpinned npx installs, and reliance on centralized remote inference services without documented credential/privacy handling. These patterns enable arbitrary code execution and potential credential/data exfiltration if the remote endpoints or installer are compromised.

Recommendation: do not run curl | sh; fetch installer source separately, verify signatures/checksums or pinned releases, audit installer script and any npx packages, and review the infsh authentication flow and privacy policy before use.

LLM verification: This skill documentation itself is benign in purpose and consistent with delivering SEO content briefs, but it contains high-risk supply-chain patterns: an explicit curl | sh install from a third-party domain and unpinned npx installs that will execute remote code. The skill routes all processing (queries, content extraction, HTML-to-image generation) through external inference.sh/tavily/exa services, meaning user inputs — potentially sensitive — are sent to third-party backends. There is no evi