product-photography
Audited by Socket on Mar 4, 2026
1 alert found:
Malware
This repository/text is a benign prompt-and-workflow guide for generating product photography via infsh and third-party model backends. However, it instructs high-risk operational patterns: executing a remote installer via curl | sh, installing transitive npm skills, and uploading local images and credentials to remote services without detailed guidance on secure handling. These behaviors raise a moderate security risk (possible inadvertent data leakage or supply-chain compromise) rather than clear malicious code. Recommendations: avoid piping remote scripts into a shell; require pinned releases and signature verification for installers/binaries; document credential storage, token scopes, and retention; warn users to strip EXIF and review images before upload; treat npx-installed skills as untrusted until audited; restrict agent autonomy when running infsh or performing uploads.