pulumi-neo
Audited by Socket on Feb 26, 2026
1 alert found:
Security: This Pulumi Neo skill is functionally consistent with its stated purpose: it orchestrates tasks against the Pulumi Cloud Neo API and requires a Pulumi personal access token. The primary security concerns are credential sensitivity (PULUMI_ACCESS_TOKEN) and the operational power of approval actions, which can cause infrastructure changes. There are no signs of obfuscated or malicious code, no download-and-execute supply-chain patterns, and network flows go to the official Pulumi API domain. Treat this skill as legitimate but sensitive: ensure tokens are stored and used safely, restrict who or what can call approval endpoints, and audit any local scripts (scripts/neo_task.py) before running to confirm they handle inputs safely and do not auto-approve actions.