god-tibo-imagen

SUSPICIOUS: the skill’s purpose is coherent, but its footprint is riskier than normal because it reads raw Codex auth from ~/.codex/auth.json, depends on an undocumented backend, and includes a transitive skill-install path from a different repo/org than the stated source. Not confirmed malware, but credential handling and install trust are weak enough to warrant caution.