ai-artist
Audited by Socket on May 1, 2026
1 alert found:
Anomaly: No explicit malware or data-theft logic is evident in this fragment; its core behavior is intended prompt construction and calling Google Gemini to generate an image, then saving returned bytes to disk. The highest security risk is execution-path/supply-chain risk from runtime sys.path injection that prioritizes a user-writable home directory (~/.claude/scripts), enabling import hijacking if that directory or module names are tampered with. A secondary risk is arbitrary file overwrite potential via the user-supplied --output path, since the script writes model-returned bytes without path restrictions or safety checks. Review and harden sys.path/import strategy (avoid home dir sys.path insertion), and validate/restrict output paths in deployments.