apollo-debug-bundle

The skill is broadly aligned with its stated purpose of collecting Apollo debug data for support. The footprint is largely proportional and does not install external binaries. However, there are notable data-flow concerns: credentials are read from the environment and transmitted as query parameters to API calls, and the resulting bundle may contain metadata about the API key. While the bundle is sanitized, best practices would avoid exposing credentials in logs or local files; consider header-based authentication, stronger redaction, and ensuring the bundle is stored/transmitted securely. Overall, the activity is suspiciously cautious but not malicious; treat as benign-to-suspicious with mitigations around credential handling and data retention.