sales-kit
Warn
Audited by Socket on Apr 4, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: Most of the skill is benign documentation for Kit/ConvertKit and uses official Kit endpoints, with no direct credential access or exfiltration. The main issue is the unrelated transitive skill installation note using an unpinned `npx` flow to fetch another skill from an unverified third-party repo, which expands trust beyond the skill’s stated purpose and raises medium supply-chain risk.
Confidence: 89%
Severity: 58%
Audit Metadata