blog-psquared

SUSPICIOUS: the skill is purpose-aligned for blog publishing and uses official Supabase APIs, so it does not look malicious. However, it reads a powerful service-role key from a local file, performs autonomous public posting without approval, and mixes web research with publishing authority, creating medium security risk.