apifox-image-gen
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill contains a hardcoded API key in `image_gen.py` and relies on a third-party API proxy (jyapi.AI-WX.CN). It is classified as suspicious due to security vulnerabilities: the hardcoded credential and the use of `urllib.request.urlretrieve` on external API responses, which could potentially be exploited for local file access (SSRF/Local File Read) if the API returns a malicious file URI.
