imagen

SUSPICIOUS. This wrapper skill is purpose-aligned and does not itself exfiltrate data, but its primary behavior is to steer the agent toward installing a third-party upstream skill from a personal GitHub repo with no visible verification controls. That transitive install pattern makes the overall entry medium risk despite otherwise coherent stated functionality.