generated-photos

SUSPICIOUS. The skill is mostly aligned with its stated purpose and uses an official npm-distributed CLI from the same vendor ecosystem, so this is not confirmed malware. However, it routes all authentication and Generated Photos interactions through Membrane rather than the official Generated Photos API, creating an intermediary trust and data-flow layer; combined with an unpinned global CLI install, this makes the skill medium risk rather than benign.