message-test

SUSPICIOUS. The skill’s purpose and file access are mostly aligned with marketing analysis, and there is no explicit credential harvesting or third-party API proxying. However, it executes an undocumented local tool (audience-simulator.py) with CRM-grounded data and provides no provenance, install path, or verification details, leaving execution trust unresolved and raising moderate security risk.