homepage-audit

The skill is conceptually benign and aligned with its stated CRO auditing purpose. It relies on user-supplied input (URL, screenshot, or copy) and produces an actionable report with a rewritten headline and prioritized fixes. The primary security considerations revolve around optional live page fetching (network calls) and ensuring user consent and privacy for any outbound requests. No credential handling or exfiltration appears to be required or implied. Overall risk remains low with proper usage discipline; treat outbound fetches as a potential data flow that should be disclosed to the user.