image-mcp

SUSPICIOUS. The workflow is superficially aligned with image generation/editing, but the core dependency is an undocumented and unverifiable `image-mcp` CLI, while available evidence suggests the official product is accessed via a hosted MCP/OAuth flow instead. That mismatch, combined with credential handling and automatic file uploads through the CLI, creates high install-trust risk and medium data-flow risk.