p-image

SUSPICIOUS: the core purpose and data flows are mostly coherent for an image-generation skill, but risk is elevated by a custom pipe-to-shell CLI installer, broad `belt` Bash permission, credential use through that CLI, and explicit transitive skill installation. This looks more like a legitimate but higher-trust platform integration than malware.