m26-resend-email

SUSPICIOUS: The skill’s capabilities fit its stated email-automation purpose, and its data flows mostly match official Resend/Gmail usage. However, install provenance is incomplete because the upstream GitHub source is unspecified and dependencies are unpinned, while the skill also instructs manual copying of multiple sensitive credential files between machines. This is more consistent with a legitimate but higher-risk operational skill than with confirmed malware.