Zhipu Image Generator

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill provides legitimate image generation functionality via Zhipu AI but contains a JSON injection vulnerability in `scripts/generate_image.sh`. The script constructs a JSON payload for a `curl` request by directly interpolating unescaped variables (`$PROMPT`, `$SIZE`), which could allow malformed or malicious input to manipulate the API call. Additionally, the script permits writing files to arbitrary system locations via the `-o` (output directory) parameter.