enginemailer-automation

SUSPICIOUS: the skill's core purpose is coherent, but its trust and data-flow model is only partially disclosed. It relies on a same-vendor hosted MCP intermediary that manages credentials and executes Enginemailer actions remotely, while the documentation misleadingly says no API keys are needed. This is not confirmed malware, but it carries medium risk due to third-party credential mediation and indirect API routing.