sahara-intention-level-skills

SUSPICIOUS: The skill’s purpose is plausible, but its actual data flow is not internally trustworthy because all requests and the API key are sent to an undocumented proxy domain instead of a verifiable official Sahara API endpoint. Main risk is credential forwarding and interception through a third-party gateway, not confirmed malware.