files
Audited by Socket on Mar 1, 2026
1 alert found:
Security
This skill's stated purpose (listing uploaded files) aligns with most of its capabilities: parsing user options, calling a files API, and formatting results. However, it requests and echoes an API key and will automatically obtain a temporary key by contacting an external endpoint, then sends that key in Authorization headers to a base URL which can be overridden by an environment variable. These behaviors create credential exposure and credential-forwarding risks: if the environment or base URL is attacker-controlled or the remote domains are compromised, API keys and file metadata could be exfiltrated. The skill does not contain obvious code-execution or install-execute patterns, and there are no hardcoded credentials or obfuscated payloads. Recommended mitigations: avoid echoing secrets (read env vars without printing), do not accept arbitrary base URL overrides without validation or an allowlist, document and warn users about the test-key generation step, and prefer interactive consent before using generated credentials. Overall this is a medium-risk skill (credential-forwarding/exposure concerns) rather than confirmed malware.