google-veo

SUSPICIOUS: the skill's purpose is coherent, but it relies on an intermediary CLI/platform (`infsh`) for auth and execution rather than direct Google APIs, and it includes official-but-unpinned remote install plus transitive skill installation. This looks more like a hosted inference.sh integration than a direct Google Veo skill; risk is mainly supply-chain and data-routing trust, not confirmed malware.