product-hunt-launch

Fail

Audited by Socket on Mar 4, 2026

1 alert found:

Malware: HIGH
SKILL.md

This skill is documentation for optimizing Product Hunt launches and uses the inference.sh CLI to generate images and run searches. The content itself is not malicious, but it contains multiple supply-chain and credential-handling risks: the explicit curl|sh install instruction (download-and-execute), reliance on hosted binaries, use of a managed CLI that collects credentials (infsh login), invocation of third-party apps that receive prompts/files, and guidance to install transitive skills via npx. These patterns are legitimate for a managed CLI workflow but are high-value supply-chain vectors and warrant caution. Users should avoid piping remote scripts directly into a shell, verify checksums out-of-band, audit the CLI and any transitive skills before installation, and avoid sending sensitive files or credentials to third-party apps unless the service and its data handling are trusted.

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Mar 4, 2026, 12:32 PM
Package URL: pkg:socket/skills-sh/tul-sh%2Fskills%2Fproduct-hunt-launch%2F@6d75bbd92f43eb31cead0e6beb6b03f33296deaa