google-veo

SUSPICIOUS: the core purpose is coherent, but the skill routes usage through an external platform CLI, requires login to that CLI, uses an official yet weak `curl|sh` install model, and encourages transitive skill installation. This is not clearly malicious, but it carries medium security risk and higher trust requirements than a narrowly scoped direct API integration.