sales-peerlist

SUSPICIOUS: the core Peerlist guidance is benign and proportionate, but the skill embeds a third-party transitive install command unrelated to Peerlist’s direct function. Risk comes from unpinned npm execution and trust inheritance into another skill, not from credential theft or overtly malicious behavior in this skill itself.