cve-validation
Fail
Audited by Socket on Mar 3, 2026
1 alert found:
Obfuscated File (HIGH)
SKILL.md
No explicit malicious code was found in the provided skill documentation. The primary risks are operational and supply-chain related: dependence on high-value environment credentials, opaque MCP-managed tooling and endpoints, and transitive trust in downstream skills. Together these create a moderate security risk: if MCP tooling or configuration is compromised, credentials and system-context data could be exposed or misused. Recommended mitigations: apply least-privilege tokens, audit the endpoints and code of MCP tools, restrict downstream skill execution to vetted components, and protect the local docs used for consultation to reduce indirect injection risk.
Confidence: 98%
Audit Metadata