andocs
Audited by Socket on Mar 9, 2026
1 alert found:
Malware

Overall, the skill aligns with its stated purpose of guiding Andocs usage and rendering features. However, the presence of a curl|bash install step for Bun constitutes a notable supply-chain/download-execute risk, which elevates the security concern to MEDIUM. There is no explicit credential harvesting, no autonomous financial actions, and no obvious exfiltration of user secrets. The data flows are mostly documentation-driven and rely on standard tooling; external references are for documentation resources rather than user data exfiltration. Given the combination of legitimate tooling guidance with a non-pinned, non-authenticated install path, the skill is mostly benign but contains a meaningful risk pattern that warrants caution during automated evaluation.