newsletter-curation

SUSPICIOUS: the skill’s newsletter purpose is plausible, but its footprint is broader than necessary because it requires a same-org external CLI, routes work through inference.sh-managed app backends, includes social-post creation, and recommends installing additional skills. The install source appears official and documented, which lowers malware confidence, but the intermediary data flows and transitive trust chain keep overall risk at medium.