account-research
Audited by Socket on Feb 28, 2026
1 alert found:
Security: This skill description is functionally coherent and aligned with its stated purpose: performing account and person research using web search with optional enrichment and CRM connectors. There is no evidence of malware, download-execute chains, or obfuscated/hidden payloads. The main security concern is privacy and scope: enabling Enrichment or CRM connectors exposes PII and historical CRM data which the skill will merge into generated output. Because the documentation does not specify least-privilege OAuth scopes, logging/retention, redaction controls, or explicit consent flows, implementers could inadvertently grant excessive access or leak sensitive data through report outputs or logs. Recommended mitigations: require explicit, minimal scopes (read-only, account-limited), display clear consent notices, redact or mark sensitive PII in outputs, log access events, and avoid forwarding raw credential material. Overall verdict: functionally benign but with moderate privacy/supply-chain risk if connectors are granted excessive permissions or if outputs are stored/shared without protections.