anygen

SUSPICIOUS. The core behavior is broadly consistent with a hosted content-generation skill, but risk is elevated by unverified CLI provenance in the provided evidence and explicit transitive installation of another skill through that CLI. This looks more like a moderately risky SaaS/agent-extension workflow than confirmed malware.