logo-batch-generator

SUSPICIOUS: the overall purpose is coherent, and the API endpoint/model align with Gemini logo generation, but the skill’s trust model is weak because an unverifiable local script receives the raw API key and performs the network call. This is not confirmed malware, but it is a medium-high security risk due to credential forwarding and opaque execution.