ai-daily-digest

SUSPICIOUS: the core RSS-to-digest workflow is coherent with the stated purpose, and there is no clear credential harvesting or exfiltration path. However, the skill uses unpinned transient npm executions, includes a weaker-security `--no-sandbox` Chrome render path, and processes untrusted external content while retaining write/exec capabilities, making it a medium-risk skill rather than benign.