commercial

SUSPICIOUS. The skill’s capabilities fit commercial media generation, but trust and data-flow integrity are weakened by the unverified `genmedia` naming mismatch and by routing prompts and uploaded media through a third-party gateway instead of direct provider APIs. This looks more like a medium-risk vendor-proxy workflow than confirmed malware.