youdotcom-cli
Fail
Audited by Socket on Mar 4, 2026
1 alert found:
Malware (HIGH): SKILL.md
No malicious code or supply-chain download-execute patterns were found. The skill is a Bash-based wrapper that calls official You.com APIs (api.you.com) and a related content indexing host (ydc-index.io) using curl and jq. The required API key is read from an environment variable and sent only to the declared endpoints. Primary risks are operational: accidental disclosure of YDC_API_KEY, and improper execution of untrusted fetched content if users/agents ignore the guidance to treat responses as untrusted. Validate that ydc-index.io is an official/expected domain for your use case before providing keys.
Confidence: 95%
Severity: 90%