video-prompting-guide

Fail

Audited by Socket on Mar 4, 2026

1 alert found:

Malware (HIGH)
SKILL.md

The file is a non-malicious user guide for prompt engineering and using the inference.sh CLI. The primary security concerns are operational and supply-chain: the recommended curl|sh installer pattern and npx-based skill installation expand the trusted surface and create realistic attack vectors for distribution compromise and credential or data exfiltration. There is no direct evidence of embedded malware or obfuscation in the provided content, but following the recommended one-liner without manual checksum verification and broadly allowing npx skill installs or wildcarded agent infsh permissions increases security risk. Recommend: avoid pipe-to-shell installs (perform manual download + checksum verification), limit npx installs to reviewed packages, and restrict agent/tool permissions (avoid wildcarded infsh invocations).

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Mar 4, 2026, 12:31 PM
Package URL: pkg:socket/skills-sh/tul-sh%2Fskills%2Fvideo-prompting-guide%2F@eedfb223be32b19603bdd2f7c5da3c2b7f234a6b