AI 火宝

The skill claims to be a '火山引擎 AI 生图 Skill' (Volcano Engine AI Image Generation Skill) in SKILL.md, but the Python scripts (scripts/i2i.py, scripts/t2i.py) hardcode the API endpoint to 'https://api.chatfire.site/v1/images/generations'. This discrepancy between the stated service provider and the actual API endpoint is suspicious, as user API keys and image generation prompts are sent to an unverified third-party domain (chatfire.site) rather than one clearly associated with 'Volcano Engine'. Additionally, the scripts allow arbitrary model names to be passed to the API, which could be an API parameter injection vulnerability if the backend is not robust.