portfolio-deal-linker

SUSPICIOUS: The skill’s capabilities broadly fit its stated purpose, and its data flows appear aimed at legitimate sales attribution. Risk comes from trust gaps around unverified MCP server implementations, credential handling inside those servers, cross-system email/CRM correlation, and unnamed sibling-skill dependencies—not from overt malicious behavior or obvious exfiltration paths.