industry-research

SUSPICIOUS. The skill's capabilities largely match its music-research purpose and its credential/data flow appears to target the vendor's official domains, but the undocumented provenance of the required `recoup` CLI prevents a benign classification. Main risk is moderate supply-chain uncertainty plus prompt-injection exposure from researching arbitrary web content.