aigc-director

The skill bundle is classified as suspicious due to several high-risk security practices and vulnerabilities. Most notably, 'llm_gemini.py' and 'vlm_gemini.py' route traffic through a hardcoded third-party proxy IP (35.164.11.19), which poses a significant risk of intercepting user API keys and sensitive prompts. Additionally, 'image_processor.py' contains a hardcoded Aliyun API key and explicitly disables SSL certificate verification ('verify=False'), while 'api_server.py' implements an insecure wildcard CORS policy. While these features may be intended to facilitate access in restricted regions or simplify local development, they introduce critical vulnerabilities that compromise the security of the agent's environment.