anygen-image

SUSPICIOUS. The skill’s core function aligns with image generation, and the credential requested is proportionate, but it relies on an external CLI to handle auth and encourages transitive installation of another skill. With only partial verification of the CLI publisher/package relationship, this is not clearly malicious but carries meaningful supply-chain and trust-chain risk.