prophet-growth-agent

SUSPICIOUS. The skill’s overall purpose is plausible, but it relies on Playwright to harvest a live Privy JWT from browser localStorage, forwards that token for API use, and persists outputs to a separate Seren service. Those behaviors are somewhat aligned with the workflow but broader and riskier than a lightweight growth-check/reminder skill should need. No confirmed malware or overt exfiltration endpoint is present, but the token-handling and third-party storage design create meaningful medium risk.