cook-the-blog

SUSPICIOUS. The core blog-writing purpose is plausible, but the skill is overpowered: it researches untrusted web content, executes external scripts/builds, uploads files, pushes directly to a repository, and sends mandatory email summaries. The data flows are not clearly malicious, yet the scope and autonomy are disproportionate for a writing skill and create meaningful supply-chain, prompt-injection, and credential-exposure risk.