keyid-agent-kit-mcp

BENIGN for stated purpose but HIGH-RISK in operation. The skill is internally consistent: it installs a KeyID package from npm and routes email functions to KeyID.ai as advertised. The main security issue is proportionality of autonomous outbound email actions and processing of untrusted inbound email, which can let an agent send messages or act on prompt-injection content without explicit approval.