qwen-image-pro

The skill enables generation of images via a third-party CLI that is downloaded and executed at install time, followed by login and remote processing. While the capability aligns with generating images from prompts, the download-and-execute pattern and potential credential storage introduce noticeable supply-chain and credential-handling risks. The data flows involve user prompts and generated outputs through an external CLI service, with unclear guarantees about data privacy and token handling. Overall, the footprint is moderately high risk for a tooling skill and should be treated as suspicious until installing from verified registries and with explicit, bound, auditable data flows and credential handling.