cnb-skill

BENIGN with elevated operational risk. The skill’s capabilities, credentials, and official CNB data flows are broadly aligned with its stated purpose, and the dependency appears same-org and officially documented. The main concern is that it instructs the agent to perform state-changing CNB actions without explicit confirmation, which makes the skill risky for autonomous use even without signs of credential theft or malicious exfiltration.