google-veo

SUSPICIOUS: the skill's basic function is coherent, but it relies on a third-party platform/CLI that intermediates both authentication and Google Veo requests, and it encourages transitive skill installation. Same-org evidence for inference.sh lowers pure supply-chain concern, yet the proxy-style data flow and credential forwarding make the overall risk medium.