ideogram-core-workflow-a

SUSPICIOUS: the skill’s stated purpose is plausible, but the actual instructions are too incomplete to justify its broad npm-enabled Bash access, and its documentation links do not match the official Ideogram docs domains from the provided evidence. No confirmed malware or exfiltration is shown, but the skill is under-specified and relies on transitive trust for auth setup.