generate-image

SUSPICIOUS. The stated purpose is coherent with image-generation APIs, and the only explicit package install is benign (`requests` from PyPI), but the skill’s core behavior depends on an unseen local script that reads API keys from a .env file and runs with broad Bash(*) permissions. Data appears intended for official providers rather than a third-party proxy, so this is not confirmed malicious, but the unverifiable local implementation and credential handling make the skill medium risk.