demo-builder

Warn

Audited by Socket on Apr 4, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The skill's sales-demo purpose is plausible, but its actual footprint is open-ended: it can research untrusted sites, execute Bash, and use credentials with arbitrary user-supplied APIs/SDKs/CLIs without built-in provenance or endpoint verification. There is no direct exfiltration endpoint or embedded malware, but the combination of credential forwarding, external-content ingestion, and execution makes it medium-to-high risk.

Confidence: 87%
Severity: 66%

Audit Metadata
Analyzed At: Apr 4, 2026, 06:52 PM
Package URL: pkg:socket/skills-sh/gooseworks-ai%2Fgoose-skills%2Fdemo-builder%2F@35dbf510c9e7b910a406906e513a1569f1d49092