gpt-imagegen

SUSPICIOUS. The skill's image-generation behavior is mostly coherent, but its data flow is not: it encourages sending prompts, local images, and API keys to a configurable 'OpenAI-compatible' endpoint, and the documented example uses examine.com rather than OpenAI's official API domain. With no malicious payload or covert exfiltration beyond the declared API calls, this is not confirmed malware, but it is a high-risk credential-routing and data-flow integrity issue.