bulkgen

SUSPICIOUS: The skill’s capabilities mostly match its stated image-generation purpose, and credential scope is limited to a single API key plus optional image inputs. However, it relies on opaque bundled scripts in the local skill directory, asks users to provide a live key inline, and does not provide verifiable script provenance or explicit API endpoint transparency. This is more consistent with a moderately risky, unverifiable integration than confirmed malicious behavior.