customer-persona
Fail
Audited by Socket on Mar 8, 2026
1 alert found:
Malware (HIGH): SKILL.md
Verdict: SUSPICIOUS. The skill’s described workflow matches its stated purpose, but it relies on downloading and executing an external CLI from a non-official source, uses an allowlist that includes broad Bash access, and directs data through third-party services. This creates notable supply-chain, data-flow, and credential-exposure risks. Recommend restricting to verified, signed binaries from official registries, adding explicit data-flow approvals, and ensuring all credentials are scoped and audited before enabling in production. If kept as-is, treat with elevated securityRisk and monitor for any credential or data leakage through the external CLI.
Confidence: 62%
Severity: 65%
Audit Metadata