LinkFoxAI

The skill provides comprehensive AI media generation tools but is classified as suspicious due to high-risk functionality and a lack of input sanitization in `linkfoxai.py`. The `upload-base64` command permits reading arbitrary local files without path validation, which could be exploited for data exfiltration of sensitive files like SSH keys. Additionally, the `api-call` command serves as a generic proxy to any platform endpoint, and the `SKILL.md` instructions grant the agent significant autonomy in task execution and timeout handling, which increases the potential impact of prompt injection attacks.