audience-profiler
Audited by Socket on Feb 27, 2026
1 alert found:
Obfuscated File

This skill appears functionally legitimate and coherent for audience research in a repository workflow. It does not contain code-execution patterns or clear malware indicators. The dominant security risk is unintended data exposure: automatic reading of all research-memory markdowns and inclusion of their content in outbound queries to Perplexity can leak proprietary or sensitive information (PII, strategy, or accidentally committed secrets) without explicit user consent or redaction.

Recommended mitigations before use: add a pre-query consent prompt that shows which files/excerpts will be sent, implement sanitization/redaction of secrets and PII, provide a local-only mode, and document the external service's data retention and usage policy. With those mitigations the feature can be used with moderate confidence; without them the privacy/exfiltration risk remains material.