office-sprite
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Instruction to copy/paste content into terminal detected

No evidence of malicious code or backdoors in the provided skill documentation. The workflow is consistent with the stated purpose: generate images via Nano Banana, manually validate them, and process them locally with ffmpeg/ImageMagick. The main security consideration is data privacy: prompts and generated images are sent to an external image-generation service (Nano Banana) — ensure that service's privacy/retention policies are acceptable before sending sensitive content. Also review the actual helper script (.claude/skills/office-sprite/scripts/process_sprite.sh) before running, and avoid hardcoded absolute paths in shared projects. Overall this is functionally benign but has a moderate privacy/execution risk due to external generation and shell-based processing.

LLM verification: This skill is functionally consistent with its stated purpose (sprite generation and magenta-background removal) and contains no clear signs of malware in the provided instruction text. The main risks are supply-chain and operational: the mcpl/nanobanana step is an external network operation whose privacy/telemetry implications are unspecified, and executing helper scripts (process_sprite.sh, ffmpeg, magick) from the repository is a potential vector if those scripts are tampered with. Recommend: