ideogram-migration-deep-dive

SUSPICIOUS. The skill's migration capabilities broadly fit its stated purpose, and its data flows do not show obvious credential harvesting or proxy interception. However, the referenced Ideogram SDK package and documentation domain are not publicly verified as official, while the skill asks the agent to install and execute that package and grants broad file/edit/kubectl powers. This is more consistent with a high-trust but weakly verified migration guide than confirmed malware.