This image-generation skill mostly does what it claims, but its optional Codex CLI provider gives a local Codex subprocess full filesystem-level authority, which is too broad for ordinary image generation.
Install only if you are comfortable with external image providers receiving your prompts and reference images. Avoid the `codex-cli` provider unless you intentionally want to use your logged-in Codex session and accept that it runs a full-access local Codex subprocess; prefer direct API providers when possible, avoid sensitive local reference images, and do not set wrapper/base-url override environment variables unless you fully trust the target.