get-leads-at-company
Audited by Socket on Mar 12, 2026
1 alert found:
Anomaly: The skill design aligns with a GTM lead enrichment and outreach workflow, but it relies on potentially high-risk data flows and a non-verifiable install method. The primary concerns are: (1) download-and-execute install via curl|bash from an external domain (unverifiable provenance); (2) broad data movement of personal/professional data through multiple third-party services and AI prompts, which increases privacy/consent risk; (3) lack of explicit credential management and scoping for API keys across services. Overall, this is a suspicious-to-high-risk integration given the supply-chain and data-flow patterns, though it can be legitimately used by a developer with strict provenance checks, verifiable registries, clear consent, and documented credential handling. Treat as SUSPICIOUS pending stronger provenance/auth guarantees.