newsletter-curation

SUSPICIOUS. The core newsletter-curation purpose mostly matches the capabilities, but the skill is broader than necessary: it grants wildcard CLI execution, fetches untrusted external content, uses a pipe-to-shell installer, and encourages installing additional skills. The installer appears same-org and officially documented, which lowers malware concern, but the combination still creates medium security risk for an AI agent skill.