ai-product-photography

SUSPICIOUS: the skill’s core purpose is coherent, and its data flow to image-generation services fits that purpose, but it introduces medium supply-chain risk by requiring an external CLI installed through mutable shell-based paths and expands trust further with transitive skill installation instructions. No clear credential theft or unrelated exfiltration is present, so this is better classified as a risky but plausibly legitimate platform skill than malware.