sales-third-party

SUSPICIOUS: the skill’s purpose as a catalog is real, but its actual footprint is transitive installation of many unpinned third-party skills from mixed publishers. The official CLI lowers direct malware confidence, yet the trust expansion and lack of pinning/provenance checks make this a high supply-chain and transitive-installation risk.