image-gen
Audited by Socket on Feb 26, 2026
1 alert found:
Obfuscated File

The manifest and workflow text are consistent with an image-generation skill that uses a remote Gemini-like model. There is no direct evidence in this fragment of explicit malicious payloads (reverse shells, hardcoded exfiltration endpoints, obfuscated downloader). However, several supply-chain and operational issues create moderate security risk: (1) a dangerously specific instruction to source a named user’s secrets file, (2) opaque network endpoints and lack of SDK/URL transparency, (3) dynamic/unpinned dependency execution via 'uv run', and (4) overly broad permissions (Bash, Write).

Recommended mitigations: remove any instruction to use another person’s secrets and require users to set their own GEMINI_API_KEY securely; make API endpoints and request patterns explicit and verifiable; pin or vendor dependencies with integrity checks; limit or remove Bash permission; and require inspection of the actual scripts (generate.py, edit.py, compose.py) before trusting the package. With those mitigations the package appears usable; without them, treat usage as suspicious and audit the scripts thoroughly.