antigravity-image-gen

This skill performs expected image-generation tasks but presents moderate supply-chain and credential exfiltration risk: it programmatically reads persistent OAuth tokens and forwards them to a non-public-sounding sandbox endpoint. If used in a controlled internal environment where the sandbox is authoritative and audited, the tool is likely acceptable. For broader distribution or untrusted environments, do not use until: the Node.js code is reviewed, endpoint ownership and TLS are verified, safer auth patterns are implemented, and file-path handling is validated. Treat the package as potentially risky until those mitigations are confirmed.