twill-cloud-coding-agent

The Twill Cloud Coding Agent skill aligns with its stated purpose of managing Twill's public v1 API workflows and uses standard Bearer token authentication via environment variables. Its footprint is focused on API calls and data returned by those endpoints. However, there are notable security considerations: the API key must be protected from exposure in logs or stdout, and care must be taken to avoid leaking secrets through command hints or verbose outputs. No unverifiable binaries or external downloads are present, which lowers supply-chain risk. Overall, the skill is BENIGN-to-MEDIUM risk due to credential handling and data-flow exposure concerns; with proper secret management and output redaction, it remains coherent with its intended developer tooling purpose. Security risk and related scores reflect moderate credential-exposure potential rather than active malicious behavior.