baoyu-image-gen
Audited by Socket on Mar 7, 2026
1 alert found:
Obfuscated File
The skill aligns reasonably with its stated purpose of multi-provider AI image generation, including prompts, references, and aspect ratios. However, several risk signals are present: reliance on multiple external API keys and providers increases credential exposure surface; EXTEND.md as a blocking setup step introduces a potential trust boundary where configuration data could influence behavior; and undetailed supply-chain risk around the use of bun/npx and potential third-party dependencies. Overall, the footprint is moderately risky (suspicious-to-moderate) given the data flows to external APIs and the potential for credential exposure, but not clearly malicious. Close attention should be paid to secret management, explicit data handling/retention policies, and ensuring EXTEND.md/configs are securely sourced and verifiable.