leetcode-coach

SUSPICIOUS: The skill's core behavior mostly matches its purpose, but it depends on an externally authenticated TinyFish CLI to browse public sites and fetch content, with limited public verification for the exact CLI package path. The biggest risks are supply-chain trust in the CLI and indirect prompt-injection from remote content combined with local file writes; there is no clear evidence of malware or credential theft beyond normal third-party service mediation.