threads-engagement

SUSPICIOUS: the skill’s capabilities largely match its stated purpose, but it is high risk because it automates public social actions, handles live session cookies/credentials, and lets the agent read untrusted social content while posting as the user. No clear third-party credential exfiltration or malware is shown, but the browser/session access and autonomous posting footprint are substantial.