ai-content-pipeline
Audited by Socket on Mar 4, 2026
1 alert found:
Malware: This skill is a documentation/recipe for orchestrating multi-step media-generation pipelines via the inference.sh platform. The content itself is not overtly malicious, but it includes several supply-chain and data-flow risks: it recommends a curl|sh installer (download-and-execute), promotes transitive skill installation via npx, centralizes all processing through third-party inference endpoints, and allows broad shell invocation permissions (Bash(infsh *)). These patterns create a realistic risk of supply-chain compromise or unintended data exfiltration if the remote endpoints or installer are compromised or if users pass sensitive data or credentials to pipeline steps. Recommend treating this skill as suspicious: do not run the curl|sh installer or npx skill installs in sensitive environments without verifying publisher integrity and checksums; prefer pinned, reproducible install artifacts; and audit what user data or asset URLs are sent to remote services.