inbox

SUSPICIOUS: The skill is purpose-aligned and uses project-consistent endpoints, so it does not look like credential theft or covert exfiltration. However, it gives an AI agent the ability to read untrusted inbound content and perform paid wallet-backed outbound messaging, creating high real-world action risk and moderate prompt-injection exposure.