layered-img

SUSPICIOUS. The skill’s capabilities are mostly coherent with its stated image-layering purpose and it does not request credentials or route data through obvious attacker infrastructure. The main concern is install trust: optional PPT export relies on unpinned npm dependencies whose publisher/provenance was not verified from the provided evidence, so the skill carries medium supply-chain risk rather than clear malicious intent.