flux-image

SUSPICIOUS: The skill's image-generation behavior is broadly aligned with its purpose, but its trust chain is weaker than ideal. The main concerns are transitive skill installation, reliance on a third-party CLI for login/API handling, and mixed `belt-sh`/`inference-sh` ownership signals; these raise medium security risk without proving malicious intent.