nb-image-generation

SUSPICIOUS. The skill's purpose is coherent, but its trust model is weak: it requires installing a third-party CLI and forwarding a Gemini API key and image data to it without verified official provenance or transparent endpoint documentation in the provided evidence. This is not confirmed malware, but it is a high-risk credential-forwarding and supply-chain pattern for an AI agent skill.