gpt-image-2

Warn

Audited by Socket on May 3, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill's purpose and data flows are mostly coherent for remote image generation, but the install/execution trust is weaker than claimed: it uses an unpinned npm CLI and the documentation overstates it as aligned with an 'official SDK' despite evidence Pilio says no official SDKs exist yet. Main risk is supply-chain and credential forwarding to the CLI, not clear malware or overt exfiltration.

Confidence: 82%, Severity: 56%
Audit Metadata

Analyzed At: May 3, 2026, 05:19 AM
Package URL: pkg:socket/skills-sh/pilioai%2Fskills%2Fgpt-image-2%2F@815a18e755588ced55b8ea91a114979b6a3253fa