reserve-with-google

This skill is functionally coherent for its stated purpose (automating reservations via Google Maps and third-party booking providers). The primary security concerns are credential and sensitive-data exposure: saved browser profiles and state files can contain authentication tokens, and proxy configurations with embedded credentials or environment variables can leak secrets. The skill will legitimately forward personal booking data to external booking providers; this is expected but increases the attack surface, especially if a malicious or compromised booking page is visited. There are no direct download-and-execute commands or obfuscated code in the skill itself, and it requires user confirmation before final submission which reduces autonomous abuse. Overall, treat this skill as operationally useful but moderate risk: advise users to protect saved profiles/state files, avoid embedding proxy credentials in command lines or shared env vars, and verify booking domains before completing submissions.