logo-design-guide
Audited by Socket on Mar 4, 2026
1 alert found:
Malware
The logo-design guide is not malicious in content but recommends workflows that create supply-chain and data-exposure risk: specifically, piping a remote installer into the shell, relying on binaries hosted on a project-specific domain, uploading local assets to a remote inference service, and encouraging transitive npx installs. There is no evidence in the text of obfuscation or active malware, but following the instructions without independent verification could lead to credential theft or exfiltration of sensitive images if the remote service or distribution is compromised. Recommended mitigations: avoid curl|sh; download installers to inspect them, verify checksums and ideally cryptographic signatures, run installers in isolated environments, use throwaway or least-privilege accounts for testing, and review privacy/retention policies before uploading proprietary assets.