flux-image

SUSPICIOUS: the skill’s purpose is coherent, and the main data flow appears aligned with inference.sh image generation, but the footprint includes transitive skill installation, broad Bash access, mutable install instructions, and some publisher/package-name ambiguity. This looks more like a medium-risk trust-chain and supply-chain issue than confirmed malicious behavior.