anygen

SUSPICIOUS: The core behavior mostly aligns with a content-generation skill, and installs come from standard registries. However, the skill has a broad footprint, sends user content to a not-publicly-well-documented service, executes third-party browser-fetched rendering code from CDN domains, and explicitly hides operational details from the user. This is not confirmed malware, but the trust and data-flow model is broader and less transparent than a narrowly scoped content tool.