youtube-thumbnail

Fail

Audited by Socket on Mar 10, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill's stated goal of autonomous YouTube thumbnail generation with multi-backend support is broadly coherent, but the actual footprint raises security concerns. The use of an unverifiable external binary (mcp-imagen-go) and broad credential exposure paths (multiple API keys) combined with autonomous execution create non-trivial risk. While not proven malicious, the configuration warrants cautious evaluation, restricted trust, and explicit user consent for autonomous actions. Treat as SUSPICIOUS (with high caution) due to supply-chain and data-flow concerns.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 10, 2026, 07:16 AM
Package URL: pkg:socket/skills-sh/biggora%2Fclaude-plugins-registry%2Fyoutube-thumbnail%2F@858d2e089c835f1dc89fbae68b9b67bd15e3de91